db-derby-commits mailing list archives

From Apache Wiki <wikidi...@apache.org>
Subject [Db-derby Wiki] Update of "AnalyzingSecurityManagerIssues" by MyrnavanLunteren
Date Tue, 05 Nov 2013 23:57:54 GMT
Dear Wiki user,

You have subscribed to a wiki page or wiki category on "Db-derby Wiki" for change notification.

The "AnalyzingSecurityManagerIssues" page has been changed by MyrnavanLunteren:
https://wiki.apache.org/db-derby/AnalyzingSecurityManagerIssues?action=diff&rev1=1&rev2=2

  == Introduction ==
  Java has the concept of Security Manager. You can read up on this here: http://docs.oracle.com/javase/7/docs/api/java/lang/SecurityManager.html,
and for more detail: http://docs.oracle.com/javase/7/docs/technotes/guides/security/ and http://www.oracle.com/technetwork/java/seccodeguide-139067.html
  
- In simple terms, running under SecurityManager involves the following aspects:
+ In simple terms, running under [[SecurityManager|!SecurityManager]] involves the following
aspects:
  
   * Policy File
  
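Review bot: the new `[[SecurityManager|!SecurityManager]]` link points at a wiki page named SecurityManager rather than at the javadoc URL already given two lines above; if no such wiki page exists the link will render as a create-page link, so either create that page or link the label to http://docs.oracle.com/javase/7/docs/api/java/lang/SecurityManager.html. The `!` prefix in the label is correct, since it stops the wiki from auto-linking the CamelCase word a second time.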
@@ -16, +16 @@

  
   . At the most extensive, a policy file looks like this (not a good thing in production,
but might be useful sometimes)
  
- {{{
+  . {{{
- // default permissions granted to all domains
+ default permissions granted to all domains
  grant {
      permission java.security.AllPermission
  };
  }}}
+ 
   * Privileged Block
  
   . A section of code which, when running under SecurityManager, requires a  certain permission,
has to be wrapped in a 'Privileged Block'. For  instance, code that needs to check on a system
property, or read or  write to a file, would need this.
  
-  . For examples of Privileged Block code, see: http://svn.apache.org/viewvc/db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/util/PrivilegedFileOpsForTests.java?revision=1537394&view=markup
or http://svn.apache.org/viewvc/db/derby/code/trunk/java/testing/org/apache/derbyTesting/junit/TimeZoneTestSetup.java?revision=1524579&view=markup
+  . For examples of Privileged Block code, see: http://svn.apache.org/viewvc/db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/util/PrivilegedFileOpsForTests.java?revision=1537394&view=markup
or http://svn.apache.org/viewvc/db/derby/code/trunk/java/testing/org/apache/derbyTesting/junit/TimeZoneTestSetup.java?revision=1524579&view=markup.
However, this is in test code, but typically, you want to put Priviledged code in private
methods, for example: http://svn.apache.org/viewvc/db/derby/code/trunk/java/tools/org/apache/derby/impl/tools/sysinfo/Main.java?view=markup
  
   * Running without SecurityManager
  
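Review bot: dropping the `//` from `// default permissions granted to all domains` turns a comment into a bare line inside the policy example, which a policy parser would reject, so the `//` should be restored; the context line `permission java.security.AllPermission` also needs a terminating `;` for the snippet to be a valid policy file. Two wording points in the same hunk: 'Priviledged' should be 'Privileged', and 'However, this is in test code, but typically, you want to put Priviledged code in private methods' reads better as 'These examples are in test code; in product code you typically want to put privileged code in private methods, for example: ...'.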
@@ -40, +41 @@

  
   * java.lang.SecurityException and java.security.AccessControlException
  
-  . Code that should, but does not have permission, gets refused by the  SecurityManager,
which usually means you will get a  java.security.AccessControlException('Access denied').
See for an  example of this https://issues.apache.org/jira/browse/DERBY-6349.
+  . Code that should, but does not have permission, gets refused by the SecurityManager,
which usually means you will get a  java.security.AccessControlException('Access denied').
See for an  example of this https://issues.apache.org/jira/browse/DERBY-6349.
  
  == Debugging a Security Issue ==
  Typically an indication that you are dealing with a security manager  issue is that you
get an "access denied" error.  There are three types  of Security Manager issues you might
encounter:
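Review bot: this hunk only removes some of the doubled spaces and leaves others in place ('a  java.security.AccessControlException', 'an  example'), so the whitespace cleanup is incomplete. While touching the sentence, 'Code that should, but does not have permission, gets refused by the SecurityManager' would be clearer as 'Code that needs a permission it has not been granted is refused by the SecurityManager'.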
@@ -55, +56 @@

  
  === Example 1: Java Class Library ===
  ==== Step 1: Analyze the Stack Trace: ====
+  . {{{
+ at java.security.AccessController.checkPermission(AccessController.java:108)
+ at java.lang.SecurityManager.checkPermission(SecurityManager.java:533)
+ at java.lang.SecurityManager.checkPropertyAccess(SecurityManager.java:1286)
+ at java.lang.System.getProperty(System.java:428)
+ at java.lang.System.getProperty(System.java:412)
+ at com.ibm.crypto.provider.IBMJCE.(Unknown Source)
+ at java.lang.J9VMInternals.newInstanceImpl(Native Method)
+ at java.lang.Class.newInstance(Class.java:1329)
+ at org.apache.harmony.security.fortress.Services.newInstance(Services.java:853)
+ at org.apache.harmony.security.fortress.Services.access$500(Services.java:55)
+ at org.apache.harmony.security.fortress.Services$NormalServices.createProviderInstance(Services.java:286)
+ at org.apache.harmony.security.fortress.Services$NormalServices.createDefaultProviderInstance(Services.java:253)
+ at org.apache.harmony.security.fortress.Services$NormalServices.getService(Services.java:391)
+ at org.apache.harmony.security.fortress.Services$NormalServices.access$2000(Services.java:128)
+ at org.apache.harmony.security.fortress.Services.getService(Services.java:785)
+ at org.apache.harmony.security.fortress.Engine.getInstance(Engine.java:133)
+ at java.security.MessageDigest.getInstance(MessageDigest.java:75)
+ at org.apache.derby.impl.jdbc.authentication.BasicAuthenticationServiceImpl.boot(Unknown
Source)
+ at org.apache.derby.impl.services.monitor.BaseMonitor.boot(Unknown Source)
+ at org.apache.derby.impl.services.monitor.TopService.bootModule(Unknown Source)
+ }}}
  
+ In this example the class throwing the security exception is "java.security.MessageDigest.getInstance()".
+ 
+ ==== Step 2: Look at the java API javadoc ====
+ In the example above, this is:
+ 
+  . [[http://download.oracle.com/javase/6/docs/api/java/security/MessageDigest.html#getInstance(java.lang.String|http://download.oracle.com/javase/6/docs/api/java/security/MessageDigest.html#getInstance(java.lang.String)]]
+ 
+ Should this method throw a security exception? If not as in this case the problem is probably
in the java class library.
+ 
+ ==== Step 3: Create a stand-alone java reproduction to report to the vendor ====
+ ==== Step 3.a. Create a small java program with the call. ====
+ If the problem is a java class library issue, try to make a stand alone  java reproduction
to report to the vendor. First make a small java  program with the call. Analyzing the source
code will help. For example:
+ 
+  . {{{
+ import java.security.*;
+ 
+ public class TestMessageDigest {
+ 
+     public static void main(String[] args) throws Exception {
+     System.out.println(MessageDigest.getInstance("SHA-1"));
+ 
+     }
+ }
+ }}}
+ 
+ ==== Step 3.b. Create a policy file ====
+ Next make a policy file. In this case we don't need any special permissions, so the policy
file does not have any. See http://download.java.net/jdk8/docs/technotes/guides/security/permissions.html
for a description of the available permissions.
+ 
+  . {{{
+ //my.policy file
+ grant codeBase "file:c:/repro/mesdigest"
+ {
+ 
+ }
+ }}}
+ 
+ ==== Step 3.c Run with Security Manager ====
+ Next run the program with security manager on.
+ 
+  . java  -Djava.security.manager -Djava.security.policy=my.policy TestMessageDigest
+ 
+ ==== Step 4: Report the problem to the vendor ====
+ Do this using your support channels.
+ 
+ === Example 2: Derby Issue ===
+ The other kind of issue is one where we find the java class library is  expected to throw
a permission error, but Derby does not wrap the call  in a privilege block. An example of
such a case is DERBY-6349 where an  intentional change to the java class library caused a
test failure.
+ 
+ ==== Step 1: Analyze the Stack Trace ====
+ The failure had the following stack trace:
+ 
+  . {{{
+ 1) DaylightSavingTestjava.security.AccessControlException: Access denied ("java.util.PropertyPermission"
"user.timezone" "write")
+        at java.security.AccessController.throwACE(AccessController.java:100)
+         at .(Unknown Source)
+         at java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
+         at java.util.TimeZone.hasPermission(TimeZone.java:756)
+         at java.util.TimeZone.setDefault(TimeZone.java:778)
+         at org.apache.derbyTesting.junit.TimeZoneTestSetup.setUp(TimeZoneTestSetup.java:59)
+         at junit.extensions.TestSetup$1.protect(TestSetup.java:22)
+         at junit.extensions.TestSetup.run(TestSetup.java:27)
+         at org.apache.derbyTesting.junit.BaseTestSetup.run(BaseTestSetup.java:57)
+ }}}
+ 
+ Here again we identify the java API call. In this case TimeZone.setDefault(), called from
TimeZoneTestSetup.
+ 
+ ==== Step 2: Look at the java API javadoc ====
+ The Derby code in TimeZoneTestSetup was doing this:
+ 
+ {{{
+ setDefault(requestedDefault);
+ }}}
+ where requestedDefault was a valid Timezone object passed in. The super class' method setDefault
was called.
+ 
+ After checking with the jvm vendor, it seemed with a newer  JVM version we now needed 'write'
permission for this call. So we  needed to
+ 
+ ==== Step 3a. Wrap the offending call in a Privileged Block ====
+ Wrap the setDefault call in a privilege block, e.g.
+ 
+  . {{{
+ AccessController.doPrivileged(
+                 new PrivilegedAction() {
+                     public Object run() throws SecurityException {
+                         TimeZone.setDefault(tz);
+                         return null;
+                     }});
+ }}}
+ 
+ ==== Step 3.b. Add permissions to the Policy File ====
+ Make sure the correct permissions are in the policy file. In this case we needed:
+ 
+  . {{{
+ permission java.util.PropertyPermission "user.timezone", "write";
+ };
+ }}}
+ 
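Review bot: the stack-trace lines `at com.ibm.crypto.provider.IBMJCE.(Unknown Source)` and `at .(Unknown Source)` have lost their method names, apparently because the wiki swallowed angle-bracket names such as `<clinit>`, so the frame that actually triggers the property check is unreadable; escape the angle brackets in the markup. Further points in this hunk: (1) the reproduction policy `grant codeBase "file:c:/repro/mesdigest" { }` lacks the terminating `};`, and a codeBase without a trailing `/` names a single file rather than a directory of class files, so it should read `grant codeBase "file:/c:/repro/mesdigest/" { };`; (2) the sentence 'So we  needed to' is cut off before the Step 3a heading; (3) the javadoc link for MessageDigest.getInstance has unbalanced parentheses in its label and will not render as a link; (4) the privileged block in Step 3a calls `TimeZone.setDefault(tz)` while Step 2 names the variable `requestedDefault`, and `PrivilegedAction` is used raw where `PrivilegedAction<Void>` would avoid the unchecked warning; (5) `MessageDigest.getInstance()` is a method rather than a class, and the Step 3.b policy fragment shows a closing `};` without the opening `grant {`, so readers will not know which grant block the permission belongs in.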
