Injection attacks on Runtime.exec
Hey all,
I am trying to prove that an injection attack is not possible on the following code, where "filePath" and "args" are supplied from an unknown source.
Process p = Runtime.getRuntime().exec("java -Djava.security.manager " + filePath + " " + args, null, new File("C:\\Program Files\\eclipse\\workspace\\bin"));
I have verified that filePath does indeed point to a Java class file that is a child of the bin directory. NB -Djava.security.manager is the default java security manager which will invoke the program with similar privileges to that of an applet (so the invoked program is fully sandboxed).
Thanks,
Will
For example, if I do the following:
touch erase_me
echo `rm -f .`the file is actually erased. Have you tried something like this when you pass in a value for 'args'?
- Saish
Similar Messages
-
Hello,
I have a program where a user can enter a binary path to openssl. The program then appends some hardcoded arguments to the openssl binary to do some crypto operation. I'm using Runtime.exec(String) to execute the command. For example:
*/usr/bin/openssl* smime -sign -certfile ....
Only the bold part of the command can be chosen by the user.
I'm a bit concerned about the security and I'm scared that a user could actually execute any command by injecting some shell code by entering for instance "verybadcommand #". I tried this and the execution fails which is good but are there any special things I should keep on mind ?
Thanks in advance,
Tex
Edited by: Tex-Twil on Feb 25, 2009 8:35 AMSolved the problem. I was setting the DISPLAY variable when I launched the X application but not the XAUTHORITY variable. Once that was set the X application launched as expected.
- Bill -
Hi all. I'm not sure if this is the correct forum for this question but I use Runtime.exec() to create a new mozilla process. I have no problem creating the process itself but I need to have a way to communicate with the process to determine whether or not a local file has been successfully loaded into the browser. I programmatically load some html content in mozilla and I need to get the current "state" of the browser (i.e. is the content fully loaded and displayed on the screen or is mozilla still busy loading the html file?). I figure that the only way to determine this state is to get the Processes input stream and to read data from that stream but I don't know if mozilla writes data to it's output stream that indicates what state the application is in. Does anybody have a solution to this problem (Whether using streams or some other approach)? Thanks in advance.
It may be possible to hack Mozilla to get that sort of information, although most likely its security is good enough to prevent attacks of that kind. But in any case Runtime.exec() isn't going to help.
-
Runtime.exec() - how to open new window for new program?
Hi,
I have searched through the forums but haven't found an answer to this one yet. I am using runtime.exec() to start up a new java program. At first I thought it wasn't running properly but, after checking task manager, I have discovered that the new program I open runs, it is just completely invisible to me. I am wondering how I can get the new program to run in a command window or something where I can monitor it.
Thank you for your help,
DrewThank you all. After trying to figure out why the start command wouldn't work in the runtime.exec() call(not an executable - I am a dolt), I tried putting it in a batch file and it worked perfectly. Thanks for your help,
Drew -
How to capture Runtime.exec() output? doesn't seem to work?
This is the first time I've used Runtime.exec();
Here's the code:
Runtime rt = Runtime.getRuntime();
process = rt.exec(jobCommand);
BufferedReader input = new BufferedReader(new InputStreamReader(process.getInputStream()));
String line=null;
while((line=input.readLine()) != null) {
System.out.println("OUTPUT: " + line);
int exitVal = process.waitFor();
} catch(Exception e) {
e.printStackTrace();
}//end catchas you can see, this is just copied and pasted out of the standard example for this method.
When it gets to the line:
while((line=input.readLine()) != null)
it doesn't read anything. However, when i run the SAME exact command from the windows CMD prompt i get a ton of output.
what am i doing wrong here?
thanks.Welcome to the forum!
>
as you can see, this is just copied and pasted out of the standard example for this method.
>
No one can see that - you didn't post a link to the example you said you copied.
>
it doesn't read anything. However, when i run the SAME exact command from the windows CMD prompt i get a ton of output.
>
No one can see what command you are talking about; you didn't post the commnd or even describe what output you expect to get.
>
what am i doing wrong here?
>
What you are doing wrong is not providing the code you are using, the command you are using or enough information about what exactly you are doing.
No one can try to reproduce your problem based on what you posted. -
How to display Runtime.exec() command line output via swing
Hi all, I'm new to java but have a pretty good understanding of it. I'm just not familiar with all the different classes. I'm having trouble capturing the output from a command I'm running from my program. I'm using Runtime.exec(cmdarray) and I'm trying to display the output/results to a JFrame. Once I get the output to display in a JFrame, I'd like it to be almost like a java command prompt where I can type into it incase the command requires user interaction.
The command executes fine, but I just don't know how to get the results of the command when executed. The command is executed when I click a JButton, which I'd like to then open a JFrame, Popup window or something to display the command results while allowing user interaction.
Any examples would be appreciated.
Thank you for your help in advance and I apologize if I'm not clear.You can get the standard output of the program with Process.getInputStream. (It's output from the process, but input to your program.)
This assumes of course that the program you're running is a console program that reads/writes to standard input/output.
In fact, you really should read from standard output and standard error from the process you start, even if you're not planning to use them. Read this:
When Runtime Exec Won't -
Using Runtime exec() to open and close process like java or javac
Hi, I m a student who is learning IT and is wondering if
Runtime exec() can run and stop commands like java and javac?
Can someone post the code to do so here?Thank youWell, Here is my complete code:
import java.util.*;
import java.io.*;
import javax.swing.*;
import java.awt.event.*;
import java.awt.*;
class StreamGobbler extends Thread
InputStream is;
String type;
StreamGobbler(InputStream is, String type)
this.is = is;
this.type = type;
public void run()
try
InputStreamReader isr = new InputStreamReader(is);
BufferedReader br = new BufferedReader(isr);
String line=null;
while ( (line = br.readLine()) != null)
System.out.println(type + ">" + line);
} catch (IOException ioe)
ioe.printStackTrace();
class Program implements Runnable
Process proc;
String args[];
String[] cmd = new String[4];
boolean isGone=false;
public Program(String args[])
this.args=args;
public void run()
if (isGone==true)
try
Runtime.getRuntime().exec(cmd).destroy();
catch(IOException e)
System.out.println("Error: "+e.toString());
System.out.println("User abort");
public void start(String args[])
if (args.length < 1)
System.out.println("USAGE: java GoodWindowsExec <cmd>");
System.exit(1);
try
String osName = System.getProperty("os.name" );
if( osName.equals( "Windows NT" ) )
cmd[0] = "cmd.exe" ;
cmd[1] = "/C" ;
cmd[3] = args[0];
else if( osName.equals( "Windows 95" ) ||osName.equals( "Windows 98" ))
cmd[0] = "command.com" ;
cmd[1] = "/C" ;
cmd[2] = args[0];
cmd[3]=args[1];
Runtime rt = Runtime.getRuntime();
// System.out.println("Execing " + cmd[0] + " " + cmd[1]
// + " " + cmd[2]+" "+args[1]);
proc = rt.exec(cmd);
// any error message?
StreamGobbler errorGobbler = new
StreamGobbler(proc.getErrorStream(), "ERROR");
// any output?
StreamGobbler outputGobbler = new
StreamGobbler(proc.getInputStream(), "OUTPUT");
// kick them off
errorGobbler.start();
outputGobbler.start();
// any error???
// int exitVal = proc.waitFor();
//System.out.println("ExitValue: " + exitVal);
} catch (Throwable t)
t.printStackTrace();
public void destroy()
isGone=true;
class test1 implements ActionListener
String s[]={"c:\\jdk1.3\\bin\\java.exe","ContactProcessor1"};
GUI g=new GUI();
Program p=new Program(s);
public test1()
//didnt work
g.getStart().addActionListener(this);
g.getStop().addActionListener(this);
g.show();
public void actionPerformed(ActionEvent e)
if (e.getSource()==g.getStart())
p.start(s);
p.run();
if (e.getSource()==g.getStop())
p.destroy();
p.run();
public static void main(String args[])
test1 t = new test1();
class GUI extends JFrame
JButton start;
JButton stop;
public GUI()
super();
getContentPane().setLayout(new FlowLayout());
start=new JButton("start");
stop=new JButton("stop");
getContentPane().add(start);
getContentPane().add(stop);
setSize(100,100);
public JButton getStart()
return start;
public JButton getStop()
return stop;
} -
Custom Annotation :: inject object at runtime
I would like develop a custom annotation to inject object at runtime. The annotation will work as follows
1. develop ValidatorClass annotation on type.
2. If annotated on a type object will be created at runtime and injected to the object. e.g. in class A it will inject validatorimpl object to vald object/
Please let me know how to implement that.
package com.debopam.validate
public interface validator{
public String validate();
package com.debopam.validate
public class validatorimpl implements validator{
public String validate(){
return "true";
pckage com.debopam
public class A{
@ValidatorClass(name="com.debopam.validate.validatorimpl")
validator vald;
}yogeshd,
It might be that the .class file for the annotation that you are compiling against is the one you have given us the source code for above, but when you run the program, the class file for the annotation is not the same, and is one that was compiled before you added the static field.
This can happen if your classpath is wrong. (and would explain why the problem only occurs sometimes - because it is only failing when the classpath is wrong).
If you run the following program with the Fully qualified name of your annotation as the argument, and with the same classpath as you run your program, it can tell you where it is finding the annotation class file. Check that this is the same one that you are compiling to.
class WhereLoaded {
public static void main(String[] args) {
Class theClass=null;
if(args.length > 0) {
try {
theClass=Class.forName(args[0]);
} catch (Exception e) {
e.printStackTrace();
theClass=Object.class;
} else {
System.out.println(
"The first argument should be a fully qualified class name," +
" using java.lang.Object instead"
theClass=Object.class;
String name=theClass.getName();
name=name.substring(name.lastIndexOf(".")+1) + ".class";
System.out.println(name + " loaded from " + theClass.getResource(name));
}regards
Bruce -
Error in opening a file with name in chinese characters with Runtime.exec
The issue at hand is when I try to open a file with file name containing chinese characters in a localized environment in Windows through the following java code:
Runtime.exec("rundll32 SHELL32.DLL,ShellExec_RunDLL {File_With_FileName_containing_Chinese_character}");
the following error is thrown by windows.
Cannot open file "C:\??.txt".
with the exception
java.io.IOException: CreateProcess: [Ljava.lang.String;@f5da06 error=2
at java.lang.Win32Process.create(Native Method)
at java.lang.Win32Process.<init>(Win32Process.java:66)
at java.lang.Runtime.execInternal(Native Method)
at java.lang.Runtime.exec(Runtime.java:566)
at java.lang.Runtime.exec(Runtime.java:428)
at java.lang.Runtime.exec(Runtime.java:364)
at java.lang.Runtime.exec(Runtime.java:326)
at Launcher.main(Launcher.java:26)
When I try to use the same command (shown below) from the Windows Run command, the file opens sucessfully
rundll32 SHELL32.DLL,ShellExec_RunDLL {File_With_FileName_containing_Chinese_character}
Please suggest.
Thanks in advanceThis may be a file association problem. To solve that:
In Windows 7:
1. Right-click the file,
2. Select "Open With"
select [Your Program Here]
3. Check always use this program.
In Windows XP:
1. Locate the file as you have described above
2. Right click the file
3. Select Open with from the pop-up menu
4. Click Choose default program…
5. Select Excel in the Recommended Programs box
6. Check Always use the selected program to open this kind of file
7. Click on OK.
1. Make Excel not available from Office 2007 listed under Programs and Features in Control Panel.
2. Take a registry backup using the steps given here
3. In the registry editor window expand HKEY_CLASSES_ROOT and navigate to .xls right and delete it.
4. Exit Registry Editor
5. Undo Step 1 to make Excel available.
6. Restart the computer and verify it the issue is fixed.
If this answer solves your problem, please check Mark as Answered. If this answer helps, please click the Vote as Helpful button. Cheers, Shane Devenshire -
The Runtime.exec methods doesn't work well on Solaris ???
I have two threads and I set the different running time.
I use Runtime.exec to a run the command and use Process to get the process.
It works properly in the windows2000 platform.
However, when I transfer the platform to Solaris...and run the program...
Two threads always at the same time....It is very wired....I always debug
for 2 days....
(at first I run "vmstat 1 2" command, later I change to "ls","rmdir"....etc,
all of them don't work.....
If I close the Runtime.exec..........Everything works well......)
And I study the API. I found this message...
The Runtime.exec methods may not work well for special processes on certain
native platforms, such as native windowing processes, daemon processes,
Win16/DOS processes on Win32, or shell scripts. The created subprocess does
not have its own terminal or console.
Could someone share her/his experience.....:(
And if any other way I can run command inside java code instead of
Runtime.exec.....???
Please reply my mail to [email protected] I do appreciate your kindly &
great help!!!!!!!!
This is my code.......
import java.io.*;
import java.lang.*;
import java.util.*;
* <p>ServerThread1</p>
* <p>??�X???��?�D???�X???, "Vmstat 1 2".</p>
class ServerThread1 extends Thread{
private ServerAgent Sa;
public ServerThread1 (String Name, ServerAgent Sa){
super(Name);
this.Sa = Sa; file://Assign ServerAgent reference Sa
public void run(){
while(true){
try{
Thread.sleep(5000);
catch (Exception e){
System.out.println("ServerThread1 fails");
System.out.println("Thread1 is running.");
try {
Runtime rt1 = Runtime.getRuntime();
Process proc1 = rt1.exec("mkdir"); ------>If I close
rt1.exec , two threads works seperately...........:(
catch (Exception e) {
System.out.println("Thread1 Error");
class ServerThread2 extends Thread{
private ServerAgent Sa;
public ServerThread2 (String Name, ServerAgent Sa){
super(Name);
this.Sa = Sa;
public void run(){
while(true){
try{
Thread.sleep(15000);
catch (Exception e){
System.out.println("ServerThread2 fails");
System.out.println("Thread2 is running.");
try {
Runtime rt2 = Runtime.getRuntime();
Process proc2 = rt2.exec("vmstat 1 2"); ----->If I don't run
the rt2.exe, two threads work seperately....
catch (Exception e) {
System.out.println("Thread2 Error");
public class ServerAgent{
private Vector v1 = new Vector();
private Vector v2 = new Vector();
private Hashtable currentData = new Hashtable();
private static String startUpSwap = null;
private static String startUpMem = null;
public static void main(String[] arg) {
ServerAgent s = new ServerAgent();
ServerThread1 st1 = new ServerThread1("Thread1",s);
ServerThread2 st2 = new ServerThread2("Thread2",s);
st1.start();
st2.start();If I close the Runtime.exec..........Everything works
well......)You don't empty the output of the command, that blocks the process.
A citation from
http://www.javaworld.com/javaworld/jw-12-2000/jw-1229-traps.html
Why Runtime.exec() hangs
The JDK's Javadoc documentation provides the answer to this question:
Because some native platforms only provide limited buffer size for standard input and output streams, failure to promptly write the input stream or read the output stream of the subprocess may cause the subprocess to block, and even deadlock.
Try out something like this:
String s;
try {
Process myProcess =
Runtime.getRuntime().exec("ls -l"));
DataInputStream in = new DataInputStream(
new BufferedInputStream(myProcess.getInputStream()));
while ((s = in.readLine()) != null) {
out.println(s);
catch (IOException e) {
out.println("Error: " + e);
}Another source of trouble under Unix is not having the correct permission for that user that executes the Java VM, which will be the permissions for the spawned subprocess. But this probably not the case, as you see something after exit.
Regards,
Marc -
How to give path in Runtime. exec( )
Hi,
I am trying to create an user interface, in which, it should open a different file (for example, example.doc)when a button is clicked in the applet. let us say, the path for example.doc is "C:\\WINDOWS\\DeskTOP\\folder1".
I tried with the following code
Runtime.getRuntime().exec("C:\\WINDOWS\\Desktop\\folder1\\example.doc");
but, when I click on the button it is not opening example file and I am getting an exception. I am using Runtime.exec() command for the first time.Anybody can help me with this???Since when was a document an executable? The main problem is many people think Runtime.exec () is the same thing as the command line. The answer is, it's not. Typing "example.doc" in the windows terminal emulator (also known as cmd.exe in Windows 2000/XP or command.com in others) will work because example.doc is opened with the application configured to open files with the ".doc" extension.
However, files ending with ".doc" are not executables. If you wish to open a ".doc" file with the associated application, try this: Runtime.getRuntime ().exec ("cmd /c example.doc"); Not that I don't know if this will work with command.com as I haven't tried, but it should work with cmd.exe without problems.
Hope it helps.
Cheers -
Runtime.exec() - Need to execute unix command through pipe
I want to execute something like this from Runtime.exec() :
tar -czp -C /tmp/ myfile | ssh -qx -c blowfish remoteHost tar -xz -C /tmp/
If I give the complete string as it is, then the system takes ssh command and the arguments to ssh (-qx) as arguments for tar and, thus, fails. I guess the reason is that the Runtime just takes the first string as the command and passes everything else as arguments to the command.
How can I achieve this?The pipe symbol is interpreted by the shell, so you'd need the command you execute to be a shell (/bin/sh, /bin/csh /bin/bash, etc.) and the rest of it to be the args to that shell.
Look at the man page for your shell. There should be a -c or somesuch argument that means "take the rest of this line as a command to execute in the shell I'm creating, which will then execute."
Something like /bin/bash -c foo \| bar Not sure if you have to escape the pipe or not. Futz around with it and see. -
How can I run Runtime.exec command in Java To invoke several other javas?
Dear Friends:
I met a problem when I want to use a Java program to run other java processes by Runtime.exec command,
How can I run Runtime.exec command in Java To invoke several other java processes??
see code below,
I want to use HelloHappyCall to call both HappyHoliday.java and HellowWorld.java,
[1]. main program,
package abc;
import java.util.*;
import java.io.*;
class HelloHappyCall
public static void main(String[] args){
try
Runtime.getRuntime().exec("java -version");
Runtime.getRuntime().exec("cmd /c java HelloWorld "); // here start will create a new process..
System.out.println("Never mind abt the bach file execution...");
catch(Exception ex)
System.out.println("Exception occured: " + ex);
} [2]. sub 1 program
package abc;
import java.util.*;
import java.io.*;
class HelloWorld
public static void main(String[] args){
System.out.println("Hellow World");
} [3]. Sub 2 program:
package abc;
import java.util.*;
import java.io.*;
class HappyHoliday
public static void main(String[] args){
System.out.println("Happy Holiday!!");
} When I run, I got following:
Never mind abt the bach file execution...
I cannot see both Java version and Hellow World print, what is wrong??
I use eclipse3.2
Thanks a lot..sunnymanman wrote:
Thanks,
But How can I see both programs printout
"Happy Holiday"
and
"Hello World"
??First of all, you're not even calling the Happy Holiday one. If you want it to do something, you have to invoke it.
And by the way, in your comments, you mention that in one case, a new process is created. Actually, new processes are created each time you call Runtime.exec.
Anyway, if you want the output from the processes, you read it using getInputStream from the Process class. In fact, you really should read that stream anyway (read that URL I sent you to find out why).
If you want to print that output to the screen, then do so as you'd print anything to the screen.
in notepad HelloWorld.java, I can see it is opened,
but in Java, not.I have no idea what you're saying here. It's not relevant whether a source code file is opened in Notepad, when running a program. -
How to capture output of java files using Runtime.exec
Hi guys,
I'm trying to capture output of java files using Runtime.exec but I don't know how. I keep receiving error message "java.lang.NoClassDefFoundError:" but I don't know how to :(
import java.io.*;
public class CmdExec {
public CmdExec() {
public static void main(String argv[]){
try {
String line;
Runtime rt = Runtime.getRuntime();
String[] cmd = new String[2];
cmd[0] = "javac";
cmd[1] = "I:\\My Documents\\My file\\CSM\\CSM00\\SmartQ\\src\\E.java";
Process proc = rt.exec(cmd);
cmd = new String[2];
cmd[0] = "javac";
cmd[1] = "I:\\My Documents\\My file\\CSM\\CSM00\\SmartQ\\src\\E";
proc = rt.exec(cmd);
//BufferedReader input = new BufferedReader(new InputStreamReader(p.getInputStream()));
BufferedReader input = new BufferedReader(new InputStreamReader(proc.getErrorStream()));
while ((line = input.readLine()) != null) {
System.out.println(line);
input.close();
catch (Exception err) {
err.printStackTrace();
public class E {
public static void main(String[] args) {
System.out.println("hello world!!!!");
}Please help :)Javapedia: Classpath
How Classes are Found
Setting the class path (Windows)
Setting the class path (Solaris/Linux)
Understanding the Java ClassLoader
java -cp .;<any other directories or jars> YourClassNameYou get a NoClassDefFoundError message because the JVM (Java Virtual Machine) can't find your class. The way to remedy this is to ensure that your class is included in the classpath. The example assumes that you are in the same directory as the class you're trying to run.
javac -classpath .;<any additional jar files or directories> YourClassName.javaYou get a "cannot resolve symbol" message because the compiler can't find your class. The way to remedy this is to ensure that your class is included in the classpath. The example assumes that you are in the same directory as the class you're trying to run. -
How to capture output from Runtime.exec() ?
Hi,
Well, the question is in the subject ...
I'd like to capture the output of a process ran by Runtime.exec() in order to process it.
thanks,
ionelOkay ...
Sorry for the post !
I found the solution : Runtime.exec().getOutputStream()
Thanks however
ionel
Maybe you are looking for
-
Viewing Events in a List Format
Trying to Organize on Iphoto over 15k Photos that were previously very organized on my PC. On the PC I had my photos in what would be considered folders/albums on I photos. I did the import from my external harddrive and ended up with a lot of random
-
Mail hangs on my Power Book G4
Hi there, Previously I have been able to access my mail from both my G5 and my Power Book. Now for no reason (that I can figure out) all my mail boxes are empty and Mail just hangs on my laptop. No problem with G5 so mail account is good. Also can ge
-
Internal order and its link to equipment master record
What is internal order? How it is created and its link to equipment master record?
-
How to excute commands in DOS ?
I want to execute DOS commands like "shutdown -i" in my Java application but I'm not able to get it done. I've used the method as follows but it does not work(does not throw any exceptions as well): try Process child=Runtime.getRuntime().exec("shutdo
-
Help me change my security questions.