db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Deepa Remesh <drem...@gmail.com>
Subject Re: [Fwd: Re: derbynet/getCurrentProperties.java fails]
Date Tue, 18 Oct 2005 20:08:19 GMT
On 10/17/05, Daniel John Debrunner <djd@debrunners.com> wrote:
>
> If the permission is not required to run the tests then it must not be
> in the policy file. Otherwise it increases the chance that the
> permission is being used for some other incorrect purpose by the engine
> or network server (etc.) and thus allows bugs to be hidden.
>
> If some future test needs network tracing and doesn't set
> derby.system.home then a much safer approach is for that test to set an
> explicit tracing directory and have write permission on that directory.
>
> A permission such as this is much less likely to hide bugs than the
> second more general version
>
> // very specific permission, less likely to be abused accidentally
> permission java.io.FilePermission
> "${user.dir}${/}testPropertiesTraceFiles${/}*", "write";
>
> // very generic permission, lots of potential to be used accidentally.
> permission java.io.FilePermission "${user.dir}${/}*", "write";
>
> In the future I would like to re-work the current permissions to be more
> specific, e.g. ensure all test databases are in
> ${derby.system.home}/db/, this would separate out the permissions used
> and needed  by the engine from the permssions used by the network server.

Thanks Dan for explaining in detail.

I did the following:
1. Removed write permission for ${user.dir} from derbynet.jar and
classes directory.
2. Granted permission to derbynet.jar to write to ${derby.system.home}

With these changes, I ran derbyall with sane jars. The test
jdbcapi/secureUsers1.sql failed in derbynetmats and derbynetclientmats
becasue it needs permission to write CloudLDAP.out to ${user.dir}. I
added this permission to derbynet.jar and classes directory. After
this change, I reran the test jdbcapi/secureUsers1.sql in all
frameworks with both sane jars and classes. No failures.

I have attached a patch for test policy file with this mail. Here is a
summary of the patch:
1. Removes the following permission from derbynet.jar and classes
directory. This is not required after the patch for DERBY-375.
permission java.io.FilePermission "${user.dir}${/}*", "write";

2. Grants the following permission to derbynet.jar. This is required
since tracing file location now defaults to ${derby.system.home}. The
test derbynet/getCurrentProperties.java uses this.
// tracing files default to derby.system.home,
derbynet/getCurrentProperties.java
permission java.io.FilePermission "${derby.system.home}${/}*", "write";

3. Grants the following permission to derbynet.jar and classes
directory. This is required by the test jdbcapi/secureUsers1.sql when
run using sane builds.
// sane=true, jdbcapi/secureUsers1.sql
permission java.io.FilePermission "${user.dir}${/}CloudLDAP.out", "write";

Please look into this patch and commit if okay.

Deepa

Mime
View raw message