db-derby-dev mailing list archives

From Daniel John Debrunner <...@debrunners.com>
Subject Running tests under security manager
Date Tue, 02 Aug 2005 18:13:36 GMT
I'm looking at getting all the tests to run using a security manager,
hopefully by default, but at least provide an option to do it.

Currently tests that start the network server run the network server's
JVM under a security manager using the policy file nwsvr.policy. This is
a good start but I think this approach could be improved somewhat. Some
of the issues I see that a single set of permissions is granted to the
codebase and the granting of permissions is pretty liberal.

My thoughts are that the policy file should grant permissions on a jar
by jar basis, to ensure that, say, the embedded engine is not
incorrectly using a permission granted to the test harness. This then
means that running tests under the security manager really only makes
sense (or is a more stringent test) when running using jars (as opposed
to the classes directory).

I'm starting out by getting the embedded tests to run under the security
manager by just passing properties to the RunTest/RunSuite invocation.
Once I have a good policy file I'll look at merging it with the
nwsvr.policy file and hooking it automatically into the harness.
For the policy file I'm defining the most restrictive set of
permissions, e.g. not all files read/write under ${derby.system.home}
but specific database names, e.g. ${derby.system.home}${/}wombat.

Attached is the policy file I've got so far (a work in progress) and
below is an example of how I start the tests ...

This could be added to the list of security items to be addressed.

A future question then becomes if the tests run successfully under the
SecurityManager should that be the default (and only) way to run tests?
If that is the case then more specific security test cases can be added
that would fail if no security manager was present (e.g. testing to see
that procedures can't call System.exit(), checking a database cannot be
created in a location outside the given permission set). This would also
help ensure that the tests are being run under a security manager, e.g.
with the current set, running without a security manager and with a
security manager look the same (assuming all pass). This means that if a
mistake is made we may end up testing without a security manager while
thinking we are!


# Set derby.lib to the location of the jars. This property
# is used in the policy file to define the codebase for the derby jars.
# ensure flags are passed onto the spawned vm

# CLASSPATH set to the derby jars
# (line continuation so the class name is part of the same java command)
${jre}/bin/java ${sm} "${smj}" \
    org.apache.derbyTesting.functionTests.harness.RunSuite $*
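The policy file attached to the message is not reproduced on this page. As an added illustration of the per-jar approach it describes (not the author's attached file), the fragment below grants the embedded engine only the named database under ${derby.system.home}, while the test harness jar gets the broader access it needs without the engine inheriting it. Assumed: the jars are derby.jar and derbyTesting.jar under the directory passed as -Dderby.lib, and derby.system.home is passed as a system property; the database name wombat is the one the message uses. The RuntimePermission for class loading is an assumption about what the engine needs, not something the page states.

```text
// Added example policy: per-codebase grants, most restrictive set first.
// Launch with: java -Djava.security.manager -Djava.security.policy=derby_tests.policy
//              -Dderby.lib=/path/to/jars -Dderby.system.home=/path/to/system ...
// ${/} expands to the platform file separator; ${name} to the system property.

grant codeBase "file:${derby.lib}/derby.jar" {
  // Engine: only the wombat database and its contents, not all of derby.system.home.
  permission java.io.FilePermission "${derby.system.home}${/}wombat", "read,write,delete";
  permission java.io.FilePermission "${derby.system.home}${/}wombat${/}-", "read,write,delete";
  permission java.io.FilePermission "${derby.system.home}${/}derby.log", "read,write";
  permission java.util.PropertyPermission "derby.*", "read";
  // Assumed: needed for the classes the engine generates at runtime.
  permission java.lang.RuntimePermission "createClassLoader";
};

grant codeBase "file:${derby.lib}/derbyTesting.jar" {
  // Harness: may write test output anywhere under derby.system.home.
  // The engine jar above does NOT inherit this grant.
  permission java.io.FilePermission "${derby.system.home}${/}-", "read,write,delete";
  permission java.util.PropertyPermission "*", "read,write";
};
```

A grant with no codeBase would apply to every jar on the classpath, which is exactly the single-set-of-permissions problem the message raises; keeping each block tied to one jar means a test that passes under this policy says something about the engine's own needs. Running from the classes directory puts everything in one codebase, so the per-jar distinction only bites when the tests run from jars, as the message notes.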

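The message suggests test cases that fail when no security manager is present, so that a misconfigured run cannot silently pass. The class below is an added example of such checks, written by this editor and not part of Derby or the author's harness. It uses the java.lang.SecurityManager API of the era (deprecated for removal since Java 17) and assumes a policy like the one sketched above: the wombat database is granted, and a directory beside derby.system.home (here called "outside", an assumed name) is not.

```java
import java.io.File;

// Added example: checks that only pass when a SecurityManager is installed
// and the policy is as restrictive as the tests expect.
public class SecurityManagerChecks {

    /** Fails outright when no SecurityManager is installed. */
    public static void assertSecurityManagerPresent() {
        if (System.getSecurityManager() == null) {
            throw new AssertionError("tests must run under a SecurityManager");
        }
    }

    /** True if the caller is denied System.exit (RuntimePermission "exitVM.<status>"). */
    public static boolean exitIsDenied() {
        SecurityManager sm = System.getSecurityManager();
        if (sm == null) return false;   // no manager: nothing stops a procedure exiting the VM
        try {
            sm.checkExit(0);            // the same check System.exit(0) performs
            return false;
        } catch (SecurityException e) {
            return true;
        }
    }

    /** True if creating a database directory at 'path' would be denied by FilePermission. */
    public static boolean createIsDenied(String path) {
        SecurityManager sm = System.getSecurityManager();
        if (sm == null) return false;
        try {
            sm.checkWrite(path);        // FilePermission path, "write"
            return false;
        } catch (SecurityException e) {
            return true;
        }
    }

    public static void main(String[] args) {
        assertSecurityManagerPresent();

        String home = System.getProperty("derby.system.home", ".");
        // Assumed names: "wombat" is granted by the policy, "outside" is a sibling
        // directory of derby.system.home that the policy does not mention.
        String granted = home + File.separator + "wombat";
        String outside = new File(home).getAbsoluteFile().getParent()
                         + File.separator + "outside";

        if (!exitIsDenied()) {
            throw new AssertionError("procedure code was allowed to call System.exit");
        }
        if (createIsDenied(granted)) {
            throw new AssertionError("policy should permit the wombat database");
        }
        if (!createIsDenied(outside)) {
            throw new AssertionError("database creation outside the granted set was allowed");
        }
        System.out.println("security manager checks passed");
    }
}
```

Run without -Djava.security.manager, the first check throws immediately, which is the point: a run that forgot the security manager is visibly different from one that has it, rather than producing the same green result.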