db-derby-dev mailing list archives

From David Van Couvering <David.Vancouver...@Sun.COM>
Subject Re: Running tests under security manager
Date Tue, 02 Aug 2005 18:24:05 GMT
This would be great!  A whole suite of security regression tests would 
be tres bon!  I would love to tell people we do this kind of testing, 
security is such a BIG issue these days.

David

Daniel John Debrunner wrote:

>I'm looking at getting all the tests to run using a security manager,
>hopefully by default, but at least provide an option to do it.
>
>Currently tests that start the network server run the network server's
>JVM under a security manager using the policy file nwsvr.policy. This is
>a good start but I think this approach could be improved somewhat. Some
>of the issues I see are that a single set of permissions is granted to the
>codebase and the granting of permissions is pretty liberal.
>
>My thoughts are that the policy file should grant permissions on a jar
>by jar basis, to ensure that, say, the embedded engine is not
>incorrectly using a permission granted to the test harness. This then
>means that running tests under the security manager really only makes
>sense (or is a more stringent test) when running using jars (as opposed
>to the classes directory).
>
>I'm starting out by getting the embedded tests to run under the security
>manager by just passing properties to the RunTest/RunSuite invocation.
>Once I have a good policy file I'll look at merging it with the
>nwsvr.policy file and hooking it automatically into the harness.
>For the policy file I'm defining the most restrictive set of
>permissions, e.g. not all files read/write under ${derby.system.home}
>but specific database names, e.g. ${derby.system.home}${/}wombat.
>
>Attached is the policy file I've got so far (a work in progress) and
>below is an example of how I start the tests ...
>
>This could be added to the list of security items to be addressed.
>
>A future question then becomes if the tests run successfully under the
>SecurityManager should that be the default (and only) way to run tests?
>If that is the case then more specific security test cases can be added
>that would fail if no security manager was present (e.g. testing to see
>that procedures can't call System.exit(), checking a database cannot be
>created in a location outside the given permission set). This would also
>help ensure that the tests are being run under a security manager, e.g.
>with the current set, running without a security manager and with a
>security manager look the same (assuming all pass). This means that if a
>mistake is made we may end up testing without a security manager while
>thinking we are!
>
>Dan.
>
># Set derby.lib to the location of the jars. This property
># is used in the policy file to define the codebase for the derby jars.
>#
>sm="-Dderby.lib=file:/c:/_work/svn_pb/trunk/jars/insane
>-Djava.security.manager
>-Djava.security.policy=c:/_work/svn_pb/trunk/derby_jar.policy"
># ensure flags are passed onto the spawned vm
>smj="-Djvmflags=${sm}"
>
># CLASSPATH set to the derby jars
>${jre}/bin/java ${sm} "${smj}" \
>    org.apache.derbyTesting.functionTests.harness.RunSuite $*
>  
>
>------------------------------------------------------------------------
>
>grant codeBase "${derby.lib}${/}derbyTesting.jar" {
>  permission java.security.AllPermission;
>};
>
>grant codeBase "${derby.lib}${/}derbytools.jar" {
>  permission java.io.FilePermission "C:${/}_work${/}svn_pb${/}trunk${/}systest${/}-", "read";
>  permission java.util.PropertyPermission "*", "read,write";
>  permission java.security.AllPermission;
>};
>
>grant codeBase "${derby.lib}${/}derby.jar" {
>  permission java.util.PropertyPermission "derby.*", "read";
>  permission java.io.FilePermission "${derby.system.home}${/}derby.properties", "read";
>  permission java.io.FilePermission "${derby.system.home}${/}derby.log", "read, write, delete";
>  permission java.io.FilePermission "${derby.system.home}", "read";
>
>  permission java.lang.RuntimePermission "createClassLoader";
>
>  // usual database
>  permission java.io.FilePermission "${derby.system.home}${/}wombat${/}-", "read, write, delete";
>  permission java.io.FilePermission "${derby.system.home}${/}wombat", "read, write, delete";
>
>  permission java.io.FilePermission "${derby.system.home}${/}authorize${/}-", "read, write, delete";
>  permission java.io.FilePermission "${derby.system.home}${/}authorize", "read, write, delete";
>
>  permission java.io.FilePermission "${derby.system.home}${/}VombatusUrsinusHirsutus-1${/}-", "read, write, delete";
>  permission java.io.FilePermission "${derby.system.home}${/}VombatusUrsinusHirsutus-1", "read, write, delete";
>
>  // nist suite does not use derby.system.home
>  permission java.util.PropertyPermission "user.dir", "read";
>  permission java.io.FilePermission "${user.dir}${/}nist${/}wombat${/}-", "read, write, delete";
>  permission java.io.FilePermission "${user.dir}${/}nist${/}wombat", "read, write, delete";
>  permission java.io.FilePermission "${user.dir}${/}nist${/}derby.properties", "read";
>  permission java.io.FilePermission "${user.dir}${/}nist${/}derby.log", "read, write, delete";
>  permission java.io.FilePermission "${user.dir}${/}nist", "read";
>};
>  
>
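The kind of self-checking test Dan describes (one that fails outright when no security manager is installed, and that verifies the per-jar grants are as narrow as intended), as an added example rather than anything from the Derby harness or this thread. It asks the installed Policy what the derby.jar codebase would be granted instead of relying on the caller's own stack, and assumes it is launched from the test harness codebase (granted AllPermission above) with -Dderby.lib and -Dderby.system.home set as in Dan's script; the `notgranted` database name is a constructed value.

```java
import java.io.FilePermission;
import java.net.URL;
import java.security.CodeSource;
import java.security.Permission;
import java.security.Policy;
import java.security.ProtectionDomain;
import java.security.cert.Certificate;

/** Added example, not Derby code: checks the policy's grants for a given jar. */
public class PolicySanity {

    /** Would code loaded from {@code jar} under ${derby.lib} be granted {@code p}? */
    static boolean grantedTo(String jar, Permission p) throws Exception {
        URL codeBase = new URL(System.getProperty("derby.lib") + "/" + jar);
        // Static permissions are left null, so everything comes from the policy file.
        ProtectionDomain pd = new ProtectionDomain(
                new CodeSource(codeBase, (Certificate[]) null), null);
        return Policy.getPolicy().implies(pd, p);
    }

    static void expect(boolean granted, String jar, Permission p) throws Exception {
        if (grantedTo(jar, p) != granted) {
            throw new AssertionError(jar
                    + (granted ? " should be granted " : " must NOT be granted ") + p);
        }
    }

    public static void main(String[] args) throws Exception {
        // Fail loudly: without a security manager the policy is not in effect at all,
        // and every other check below would pass vacuously.
        if (System.getSecurityManager() == null) {
            throw new AssertionError("no security manager installed");
        }
        String home = System.getProperty("derby.system.home");
        String sep = System.getProperty("file.separator");

        // The named test database is writable by the engine ...
        expect(true, "derby.jar", new FilePermission(
                home + sep + "wombat" + sep + "seg0" + sep + "c10.dat", "write"));
        // ... but a database name the policy never mentions (constructed) is not ...
        expect(false, "derby.jar", new FilePermission(
                home + sep + "notgranted" + sep + "seg0", "write"));
        // ... and the engine is never allowed to take the JVM down from a routine.
        expect(false, "derby.jar", new RuntimePermission("exitVM"));
        System.out.println("policy grants for derby.jar look as intended");
    }
}
```

On JDK 18 and later the JVM refuses to install a security manager unless started with -Djava.security.manager=allow, since JEP 411 deprecated the mechanism for removal; the thread predates that.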
