db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Daniel John Debrunner (JIRA)" <derby-...@db.apache.org>
Subject [jira] Updated: (DERBY-626) Booting embedded engine requires read permission to derby.jar be granted for all code in the stack
Date Tue, 01 Nov 2005 18:09:56 GMT
     [ http://issues.apache.org/jira/browse/DERBY-626?page=all ]

Daniel John Debrunner updated DERBY-626:
----------------------------------------

    Fix Version: 10.1.2.1

Will try to merge this to 10.1

> Booting embedded engine requires read permission to derby.jar be granted for all code
in the stack
> --------------------------------------------------------------------------------------------------
>
>          Key: DERBY-626
>          URL: http://issues.apache.org/jira/browse/DERBY-626
>      Project: Derby
>         Type: Bug
>   Components: Security, Services
>     Versions: 10.1.1.0, 10.2.0.0
>     Reporter: Daniel John Debrunner
>     Assignee: Daniel John Debrunner
>     Priority: Critical
>      Fix For: 10.1.2.1

>
> When running in a security manager the embedded engine uses ClassLoader.getResources()
to obtain the set of modules.properties files. This method returns an empty set if running
in a security manager and permission has not been granted to read derby.jar to all code in
the stack, unless the method is executed in a privileged block.
> This is a regression early on in Derby's life and was not caught because of lack of testing
under the security manager and was hidden by the need to grant read permission for DERBY-622.
> The embedded code does not need this permission to be granted since 'Note: code can always
read a file from the same directory it's in (or a subdirectory of that directory); it does
not need explicit permission to do so.' 
> Need to re-factor code to ensure that the call to getResources and opening the resulting
URL  is all in a privileged block.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
   http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
   http://www.atlassian.com/software/jira


Mime
View raw message