db-derby-commits mailing list archives

From krist...@apache.org
Subject svn commit: r691576 - in /db/derby/code/trunk/java: drda/org/apache/derby/impl/drda/ engine/org/apache/derby/iapi/util/ engine/org/apache/derby/impl/load/ engine/org/apache/derby/impl/services/monitor/ engine/org/apache/derby/impl/store/raw/data/ testi...
Date Wed, 03 Sep 2008 11:25:25 GMT
Author: kristwaa
Date: Wed Sep  3 04:25:24 2008
New Revision: 691576

URL: http://svn.apache.org/viewvc?rev=691576&view=rev
Log:
DERBY-2556: Code paths for db restore do not use doPrivileged-calls, causing SecurityException.
Removed utility class calling AccessController.doPrivileged, because it is a security hole
and it is strongly discouraged by the Java docs.
Adjusted the policy files as the code bases changed when the code moved into different classes.
Patch file: derby-2556-5b-reworked_fix.diff

Removed:
    db/derby/code/trunk/java/engine/org/apache/derby/iapi/util/PrivilegedFileOps.java
Modified:
    db/derby/code/trunk/java/drda/org/apache/derby/impl/drda/DssTrace.java
    db/derby/code/trunk/java/engine/org/apache/derby/impl/load/Export.java
    db/derby/code/trunk/java/engine/org/apache/derby/impl/services/monitor/StorageFactoryService.java
    db/derby/code/trunk/java/engine/org/apache/derby/impl/store/raw/data/BaseDataFileFactory.java
    db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/derbynet/GetCurrentPropertiesTest.policy
    db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/derbynet/NetworkServerControlApiTest.policy
    db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/derbynet/ServerPropertiesTest.policy
    db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/util/derby_tests.policy

Modified: db/derby/code/trunk/java/drda/org/apache/derby/impl/drda/DssTrace.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/drda/org/apache/derby/impl/drda/DssTrace.java?rev=691576&r1=691575&r2=691576&view=diff
==============================================================================
--- db/derby/code/trunk/java/drda/org/apache/derby/impl/drda/DssTrace.java (original)
+++ db/derby/code/trunk/java/drda/org/apache/derby/impl/drda/DssTrace.java Wed Sep  3 04:25:24
2008
@@ -24,12 +24,10 @@
 import java.io.IOException;
 import java.io.PrintWriter;
 import java.security.AccessController;
+import java.security.PrivilegedAction;
 import java.security.PrivilegedActionException;
 import java.security.PrivilegedExceptionAction;
 
-import org.apache.derby.iapi.util.PrivilegedFileOps;
-
-
 // Generic process and error tracing encapsulation.
 // This class also traces a DRDA communications buffer.
 // The value of the hex bytes are traced along with
@@ -179,10 +177,16 @@
                 // Attempt to make the trace directory if it does not exist.
                 // If we can't create the directory the exception will occur 
                 // when trying to create the trace file.
-                File traceDirectory = new File(fileName).getParentFile();
-                if (traceDirectory != null)
-                {
-                    PrivilegedFileOps.mkdirs(traceDirectory);
+                final File traceDirectory = new File(fileName).getParentFile();
+                if (traceDirectory != null) {
+                    AccessController.doPrivileged(
+                            new PrivilegedAction() {
+                                public Object run() {
+                                    traceDirectory.mkdirs();
+                                    return null;
+                                }
+                            });
+
                 }
                 // The writer will be buffered for effeciency.
                 comBufferWriter =  ((PrintWriter)AccessController.doPrivileged(
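Review bot: The privileged `traceDirectory.mkdirs()` creates whatever parent directory `fileName` names, using the network server code base's own permissions, and nothing in the hunk records where `fileName` comes from. If it is always built from the server's trace directory setting, that assumption deserves a comment above the block, for example `// Privileged: fileName is derived from the server trace directory setting, never from client-supplied data.` The result of `mkdirs()` is discarded; the existing comment explains that a failure surfaces when the trace file is opened, so that appears deliberate. The enclosing method starts and ends outside the hunk, so the origin of `fileName` could not be checked here.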

Modified: db/derby/code/trunk/java/engine/org/apache/derby/impl/load/Export.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/impl/load/Export.java?rev=691576&r1=691575&r2=691576&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/impl/load/Export.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/impl/load/Export.java Wed Sep  3 04:25:24
2008
@@ -22,12 +22,11 @@
 package org.apache.derby.impl.load;
 
 import java.sql.Connection;
-import java.sql.ResultSet;
 import java.io.IOException;
 import java.sql.SQLException;
-import java.util.*;    
-import org.apache.derby.iapi.util.PrivilegedFileOps;
 import java.io.File;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
 import org.apache.derby.iapi.error.PublicAPI;
 import org.apache.derby.iapi.reference.SQLState;
 import org.apache.derby.iapi.error.StandardException;
@@ -126,7 +125,7 @@
         }
             File file = new File(fileName);
 
-            return PrivilegedFileOps.exists(file);
+            return fileExists(file);
 
         }
     /**
@@ -142,10 +141,26 @@
                       SQLState.DATA_FILE_NULL));
         }
             File file = new File(fileName);
-            
-           return PrivilegedFileOps.exists(file); 
+
+            return fileExists(file);
         }
 
+    /**
+     * Checks if the specified file exists.
+     *
+     * @param file the file to check
+     * @return {@code true} if the file exists, {@code false} if not.
+     * @throws SecurityException if the required privileges are missing
+     */
+    private final boolean fileExists(final File file) {
+        return ((Boolean)AccessController.doPrivileged(
+                new PrivilegedAction() {
+                    public Object run() {
+                        return new Boolean(file.exists());
+                    }
+            })).booleanValue();
+    }
+
 	/**
 	 * SYSCS_EXPORT_TABLE  system Procedure from ij or from a Java application
 	 * invokes  this method to perform export of  a table data to a file.
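Review bot: The Javadoc of the new `fileExists` helper does not mention that the check runs inside `AccessController.doPrivileged`, so it is answered with the engine code base's permissions rather than those of the calling code. I would add a sentence such as `Runs in a privileged block; keep this method private so it cannot be used to probe for files on behalf of less-privileged code.` The same helper is added verbatim to StorageFactoryService.java, and the same sentence applies there. As a smaller point, `new Boolean(file.exists())` here, in StorageFactoryService.java and in the BaseDataFileFactory.java hunks could be `Boolean.valueOf(file.exists())`, which reuses the cached instances, and the `final` modifier on a `private` method is redundant.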

Modified: db/derby/code/trunk/java/engine/org/apache/derby/impl/services/monitor/StorageFactoryService.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/impl/services/monitor/StorageFactoryService.java?rev=691576&r1=691575&r2=691576&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/impl/services/monitor/StorageFactoryService.java
(original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/impl/services/monitor/StorageFactoryService.java
Wed Sep  3 04:25:24 2008
@@ -21,7 +21,6 @@
 
 package org.apache.derby.impl.services.monitor;
 
-import org.apache.derby.iapi.util.PrivilegedFileOps;
 import org.apache.derby.iapi.reference.MessageId;
 import org.apache.derby.iapi.reference.SQLState;
 
@@ -572,11 +571,11 @@
 		{
 			//First make sure backup service directory exists in the specified path
 			File backupRoot = new File(restoreFrom);
-			if(PrivilegedFileOps.exists(backupRoot))
+			if (fileExists(backupRoot))
 			{
 				//First make sure backup have service.properties
 				File bserviceProp = new File(restoreFrom, PersistentService.PROPERTIES_NAME);
-				if(PrivilegedFileOps.exists(bserviceProp))
+				if(fileExists(bserviceProp))
 				{
 					//create service root if required
 					if(createRoot)
@@ -822,6 +821,21 @@
 		return serviceName1.equals(serviceName2);
 	} // end of isSameService
 
+    /**
+     * Checks if the specified file exists.
+     *
+     * @param file the file to check
+     * @return {@code true} if the file exists, {@code false} if not.
+     * @throws SecurityException if the required privileges are missing
+     */
+    private final boolean fileExists(final File file) {
+        return ((Boolean)AccessController.doPrivileged(
+                new PrivilegedAction() {
+                    public Object run() {
+                        return new Boolean(file.exists());
+                    }
+            })).booleanValue();
+    }
 
     /**
      * Get the StorageFactory implementation for this PersistentService

Modified: db/derby/code/trunk/java/engine/org/apache/derby/impl/store/raw/data/BaseDataFileFactory.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/impl/store/raw/data/BaseDataFileFactory.java?rev=691576&r1=691575&r2=691576&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/impl/store/raw/data/BaseDataFileFactory.java
(original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/impl/store/raw/data/BaseDataFileFactory.java
Wed Sep  3 04:25:24 2008
@@ -22,7 +22,6 @@
 package org.apache.derby.impl.store.raw.data;
 
 
-import org.apache.derby.iapi.reference.SQLState;
 import org.apache.derby.iapi.reference.MessageId;
 
 import org.apache.derby.impl.store.raw.data.AllocationActions;
@@ -35,7 +34,6 @@
 import org.apache.derby.impl.store.raw.data.ReclaimSpace;
 
 import org.apache.derby.iapi.services.info.ProductVersionHolder;
-import org.apache.derby.iapi.services.info.ProductGenusNames;
 
 import org.apache.derby.iapi.services.cache.CacheFactory;
 import org.apache.derby.iapi.services.cache.CacheManager;
@@ -50,7 +48,6 @@
 import org.apache.derby.iapi.services.monitor.PersistentService;
 import org.apache.derby.iapi.services.diag.Performance;
 import org.apache.derby.iapi.services.sanity.SanityManager;
-import org.apache.derby.iapi.services.io.FormatIdUtil;
 import org.apache.derby.iapi.services.stream.HeaderPrintWriter;
 
 import org.apache.derby.iapi.error.StandardException;
@@ -67,7 +64,6 @@
 import org.apache.derby.iapi.store.raw.LockingPolicy;
 import org.apache.derby.iapi.store.raw.Page;
 import org.apache.derby.iapi.store.raw.RawStoreFactory;
-import org.apache.derby.iapi.store.raw.RecordHandle;
 import org.apache.derby.iapi.store.raw.StreamContainerHandle;
 import org.apache.derby.iapi.store.raw.Transaction;
 import org.apache.derby.iapi.store.raw.xact.RawTransaction;
@@ -86,7 +82,6 @@
 import org.apache.derby.iapi.util.ByteArray;
 import org.apache.derby.iapi.services.io.FileUtil;
 import org.apache.derby.iapi.util.CheapDateFormatter;
-import org.apache.derby.iapi.util.PrivilegedFileOps;
 import org.apache.derby.iapi.util.ReuseFactory;
 import org.apache.derby.iapi.services.property.PropertyUtil;
 
@@ -95,8 +90,6 @@
 import java.util.Enumeration;
 
 import java.io.File;
-import java.io.FilePermission;
-import java.io.OutputStream;
 import java.io.IOException;
 
 import java.security.AccessController;
@@ -2469,16 +2462,21 @@
 	private void restoreDataDirectory(String backupPath) 
         throws StandardException
 	{
-        File bsegdir;   //segment directory in the backup
-        File backupRoot = new java.io.File(backupPath);	//root dir of backup db
-		
+        // Root dir of backup db
+        final File backupRoot = new java.io.File(backupPath);		
+
         /* To be safe we first check if the backup directory exist and it has
          * atleast one seg* directory before removing the current data directory.
          *
          * This will fail with a security exception unless the database engine 
          * and all its callers have permission to read the backup directory.
          */
-        String[] bfilelist = PrivilegedFileOps.list(backupRoot);
+        String[] bfilelist = (String[])AccessController.doPrivileged(
+                                            new PrivilegedAction() {
+                                                public Object run() {
+                                                    return backupRoot.list();
+                                                }
+                                            });
         if(bfilelist !=null)
         {
             boolean segmentexist = false;
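Review bot: The block comment kept above the new `doPrivileged` call still says the listing fails "unless the database engine and all its callers have permission to read the backup directory", which no longer matches the code. Inside `AccessController.doPrivileged` the permission check stops at the engine's protection domain, so only the engine code base needs the read permission. I would reword the last sentence to `This will fail with a security exception unless the database engine code base has permission to read the backup directory.` The body of `restoreDataDirectory` continues outside the hunk.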
@@ -2487,12 +2485,28 @@
                 //check if it is a  seg* directory
                 if(bfilelist[i].startsWith("seg"))
                 {
-                    bsegdir = new File(backupRoot , bfilelist[i]);
-                    if(PrivilegedFileOps.exists(bsegdir) &&
-                       PrivilegedFileOps.isDirectory(bsegdir))
-                    {
-                        segmentexist = true;
-                        break;
+                    // Segment directory in the backup
+                    final File bsegdir = new File(backupRoot , bfilelist[i]);
+                    boolean bsegdirExists = ((Boolean)
+                            AccessController.doPrivileged(
+                                new PrivilegedAction() {
+                                    public Object run() {
+                                        return new Boolean(bsegdir.exists());
+                                    }
+                            })).booleanValue();
+                    if (bsegdirExists) {
+                        // Make sure the file object points at a directory.
+                        boolean isDirectory = ((Boolean)
+                            AccessController.doPrivileged(
+                            new PrivilegedAction() {
+                                public Object run() {
+                                    return new Boolean(bsegdir.isDirectory());
+                                }
+                            })).booleanValue();
+                        if (isDirectory) {
+                            segmentexist = true;
+                            break;
+                        }
                     }
                 }
             }
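Review bot: The privileged `bsegdir.exists()` check is redundant, because `File.isDirectory()` already returns false for a path that does not exist. The `bsegdirExists` block can be dropped so that only the privileged `bsegdir.isDirectory()` result guards `segmentexist = true; break;`. That leaves one privileged block per candidate instead of two and removes a level of nesting. The remaining action could return `Boolean.valueOf(bsegdir.isDirectory())` rather than allocating a new `Boolean`. The enclosing `for` loop starts outside the hunk.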
@@ -2621,7 +2635,7 @@
     }
 
     // PrivilegedExceptionAction method
-    public final Object run() throws Exception
+    public final Object run() throws IOException, StandardException
     {
         switch( actionCode)
         {

Modified: db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/derbynet/GetCurrentPropertiesTest.policy
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/derbynet/GetCurrentPropertiesTest.policy?rev=691576&r1=691575&r2=691576&view=diff
==============================================================================
--- db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/derbynet/GetCurrentPropertiesTest.policy
(original)
+++ db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/derbynet/GetCurrentPropertiesTest.policy
Wed Sep  3 04:25:24 2008
@@ -97,8 +97,8 @@
   permission java.net.SocketPermission "${derbyTesting.clienthost}", "accept,connect";
   permission java.net.SocketPermission "${derbyTesting.serverhost}", "accept,connect";
 
-  // for testToggleTrace:
-  permission java.io.FilePermission "${derby.system.home}", "write"; 
+  // For testPropertiesAfterConnection and testPropertiesTraceOn
+  permission java.io.FilePermission "${derby.system.home}", "read";
   permission java.io.FilePermission "${derby.system.home}${/}-", "write"; 
 };
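Review bot: The added `read` grants carry no comment explaining why a directory that previously needed only `write` now needs `read`. Presumably it is the existence check made by the privileged `File.mkdirs()` call this commit moved into the server code, and a line such as `// read: File.mkdirs() checks whether the trace directory already exists` would record that. The three derbynet policies also end up with different actions for the same two targets. `${derby.system.home}` is `read` here and in NetworkServerControlApiTest.policy but `read,write` in ServerPropertiesTest.policy, and the recursive `${derby.system.home}${/}-` grant is widened to `read,write` only in NetworkServerControlApiTest.policy. If the differences are intentional, each file should name the test that needs the wider grant; otherwise the narrowest set that passes should be used in all three. The grant block these lines belong to opens outside the hunk.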
 

Modified: db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/derbynet/NetworkServerControlApiTest.policy
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/derbynet/NetworkServerControlApiTest.policy?rev=691576&r1=691575&r2=691576&view=diff
==============================================================================
--- db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/derbynet/NetworkServerControlApiTest.policy
(original)
+++ db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/derbynet/NetworkServerControlApiTest.policy
Wed Sep  3 04:25:24 2008
@@ -93,8 +93,8 @@
   permission java.net.SocketPermission "${derbyTesting.clienthost}", "accept,connect";
   permission java.net.SocketPermission "${derbyTesting.serverhost}", "accept,connect";
     //tracing testing. NetworkServerControlApiTest
-    permission java.io.FilePermission "${derby.system.home}", "write"; 
-    permission java.io.FilePermission "${derby.system.home}${/}-", "write"; 
+    permission java.io.FilePermission "${derby.system.home}", "read";
+    permission java.io.FilePermission "${derby.system.home}${/}-", "read,write";
 };
 
 //

Modified: db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/derbynet/ServerPropertiesTest.policy
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/derbynet/ServerPropertiesTest.policy?rev=691576&r1=691575&r2=691576&view=diff
==============================================================================
--- db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/derbynet/ServerPropertiesTest.policy
(original)
+++ db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/derbynet/ServerPropertiesTest.policy
Wed Sep  3 04:25:24 2008
@@ -98,7 +98,7 @@
   permission java.net.SocketPermission "${derbyTesting.serverhost}", "accept,connect";
 
   // for testToggleTrace:
-  permission java.io.FilePermission "${derby.system.home}", "write"; 
+  permission java.io.FilePermission "${derby.system.home}", "read,write";
   permission java.io.FilePermission "${derby.system.home}${/}-", "write"; 
 };
 

Modified: db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/util/derby_tests.policy
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/util/derby_tests.policy?rev=691576&r1=691575&r2=691576&view=diff
==============================================================================
--- db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/util/derby_tests.policy
(original)
+++ db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/util/derby_tests.policy
Wed Sep  3 04:25:24 2008
@@ -1,5 +1,5 @@
 //
-// *  Derby - Class org.apache.derbyTesting.functionTests.tests.lang.SimpleTest
+// *  Derby - Class org.apache.derbyTesting.functionTests.util.derby_tests.policy
 // *  
 // * Licensed to the Apache Software Foundation (ASF) under one
 // * or more contributor license agreements.  See the NOTICE file
@@ -143,6 +143,7 @@
   permission java.net.SocketPermission "${derbyTesting.serverhost}", "accept,connect";
   // Need to be able to write to trace file for NetworkServerControlApiTest
   permission java.io.FilePermission "${user.dir}${/}system${/}trace${/}-", "write"; 
+  permission java.io.FilePermission "${user.dir}${/}system${/}trace", "read,write";
     // Needed for NetworkServerMBean access (see JMX section above)
   permission org.apache.derby.security.SystemPermission "server", "control,monitor";
   


