db-derby-commits mailing list archives

From d..@apache.org
Subject svn commit: r547739 - in /db/derby/code/trunk/java/engine/org/apache/derby/impl/services/reflect: JarLoader.java UpdateLoader.java
Date Fri, 15 Jun 2007 16:49:54 GMT
Author: djd
Date: Fri Jun 15 09:49:53 2007
New Revision: 547739

URL: http://svn.apache.org/viewvc?view=rev&rev=547739
Log:
DERBY-2331 Disable classes in installed jar files from referencing Derby's internal classes.

Modified:
    db/derby/code/trunk/java/engine/org/apache/derby/impl/services/reflect/JarLoader.java
    db/derby/code/trunk/java/engine/org/apache/derby/impl/services/reflect/UpdateLoader.java

Modified: db/derby/code/trunk/java/engine/org/apache/derby/impl/services/reflect/JarLoader.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/impl/services/reflect/JarLoader.java?view=diff&rev=547739&r1=547738&r2=547739
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/impl/services/reflect/JarLoader.java
(original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/impl/services/reflect/JarLoader.java
Fri Jun 15 09:49:53 2007
@@ -150,6 +150,37 @@
 	 */
 	protected Class loadClass(String className, boolean resolve) 
 		throws ClassNotFoundException {
+        
+        // Classes in installed jars cannot reference
+        // Derby internal code. This is to avoid
+        // code in installed jars bypassing SQL
+        // authorization by calling Derby's internal methods.
+        //
+        // Any classes in the org.apache.derby.jdbc package
+        // are allowed as it allows routines to make JDBC
+        // connections to other databases. This does expose
+        // public classes in that package that are not part
+        // of the public api to attacks. One could attempt
+        // further limiting allowed classes to those starting
+        // with Embedded (and Client) but when fetching the
+        // default connection in a routine (jdbc:default:connection)
+        // the DriverManager attempts a load of the already loaded
+        // AutoloadDriver, I think to establish the calling class
+        // has access to the driver.
+        //
+        // This check in addition to the one in UpdateLoader
+        // that prevents restricted classes from being loaded
+        // from installed jars. The checks should be seen as
+        // independent, ie. the restricted load check should
+        // not make assumptions about this check reducing the
+        // number of classes it has to check for.
+        if (className.startsWith("org.apache.derby.")
+                && !className.startsWith("org.apache.derby.jdbc."))
+        {
+            ClassNotFoundException cnfe = new ClassNotFoundException(className);
+            //cnfe.printStackTrace(System.out);
+            throw cnfe;
+        }
 
 		// we attempt the system class load even if we
 		// are stale because otherwise we will fail
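Review bot: The `org.apache.derby.jdbc.` exemption in the new guard at the top of loadClass leaves every public class in that package loadable from installed jars, which the comment itself concedes includes classes outside the public API. If the AutoloadDriver lookup is really the only obstacle to narrowing it (the comment says "I think"), consider allowing that class by exact name alongside the Embedded/Client prefixes, or at least record the wide exemption as a tracked TODO. The guard only sees names resolved through this loader, so the comment should describe it as one layer of the DERBY-2331 restriction and not a complete barrier. The commented-out `//cnfe.printStackTrace(System.out);` is debug residue, and the body can be reduced to `throw new ClassNotFoundException(className);`. loadClass continues past the end of the hunk.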

Modified: db/derby/code/trunk/java/engine/org/apache/derby/impl/services/reflect/UpdateLoader.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/impl/services/reflect/UpdateLoader.java?view=diff&rev=547739&r1=547738&r2=547739
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/impl/services/reflect/UpdateLoader.java
(original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/impl/services/reflect/UpdateLoader.java
Fri Jun 15 09:49:53 2007
@@ -185,6 +185,8 @@
 					return clazz;
                 
                 // Refuse to load classes from restricted name spaces
+                // That is classes in those name spaces can be not
+                // loaded from installed jar files.
                 for (int i = 0; i < RESTRICTED_PACKAGES.length; i++)
                 {
                     if (className.startsWith(RESTRICTED_PACKAGES[i]))
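Review bot: The added comment says "can be not loaded", which is easy to misread on a security-relevant check; it should read `// That is, classes in those name spaces cannot be loaded` followed by `// from installed jar files.`. The `startsWith` test in the loop only matches whole packages if each RESTRICTED_PACKAGES entry ends in a dot; otherwise it would also reject sibling packages with a longer name. The array is defined outside this hunk, so that is worth confirming. The loop body also continues past the end of the hunk.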


