db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Suresh Thalamati (JIRA)" <derby-...@db.apache.org>
Subject [jira] Updated: (DERBY-709) SecurityException thrown when passing a relative path name when backing up database
Date Thu, 23 Feb 2006 22:38:38 GMT
     [ http://issues.apache.org/jira/browse/DERBY-709?page=all ]

Suresh Thalamati updated DERBY-709:

    Attachment: derby-709.diff

-- Removed the requirement for read permission on "user.dir" for backup to
run under security manager. Absolute Path were used only to log into backup
history file. Changed it to log canonical paths only if it can be obtainer
,otherwise only relative paths are written to the backup history file. 
-- Added a missing privileged blocks to the save service.properties file into the backup.

-- Added  privileged blocks for  test util file functions that are called 
   through SQL functions/procedures.
-- Enabled some of the tests which were not running under security manager 
   earlier because of this bug to run by default with security manager. 
Backup tests that test backup with jar Operations still can not be run under security
manager due to bug DERBY-537. 

TESTS : derbyall test suite passed on Windows XP/JDK142

It would be great if some can review and commit this patch. 

svn stat:

M      java\engine\org\apache\derby\impl\services\monitor\StorageFactoryService.java
M      java\engine\org\apache\derby\impl\store\raw\RawStore.java
M      java\engine\org\apache\derby\iapi\reference\MessageId.java
M      java\engine\org\apache\derby\loc\messages_en.properties
M      java\testing\org\apache\derbyTesting\functionTests\tests\storetests\st_1_app.properties
M      java\testing\org\apache\derbyTesting\functionTests\tests\store\OnlineBackupTest1_app.properties
M      java\testing\org\apache\derbyTesting\functionTests\tests\store\onlineBackupTest2_app.properties
M      java\testing\org\apache\derbyTesting\functionTests\tests\store\rollForwardBackup_app.properties
M      java\testing\org\apache\derbyTesting\functionTests\tests\store\RecoveryAfterBackup_app.properties
M      java\testing\org\apache\derbyTesting\functionTests\tests\store\BackupPathTests_app.properties
M      java\testing\org\apache\derbyTesting\functionTests\tests\store\backupRestore_app.properties
M      java\testing\org\apache\derbyTesting\functionTests\tests\store\RecoveryAfterBackupSetup_app.properties
M      java\testing\org\apache\derbyTesting\functionTests\tests\store\encryptionKey_app.properties
M      java\testing\org\apache\derbyTesting\functionTests\tests\store\backupRestore1_app.properties
M      java\testing\org\apache\derbyTesting\functionTests\tests\store\logDevice_app.properties
M      java\testing\org\apache\derbyTesting\functionTests\tests\store\OnlineBackupTest3_app.properties
M      java\testing\org\apache\derbyTesting\functionTests\tests\store\onlineBackupTest4_app.properties
M      java\testing\org\apache\derbyTesting\functionTests\tests\store\rollForwardRecovery_app.properties
M      java\testing\org\apache\derbyTesting\functionTests\util\FTFileUtil.java

> SecurityException thrown when passing a relative path name when backing up database
> -----------------------------------------------------------------------------------
>          Key: DERBY-709
>          URL: http://issues.apache.org/jira/browse/DERBY-709
>      Project: Derby
>         Type: Bug
>   Components: Store, Security
>     Versions:,,
>     Reporter: Daniel John Debrunner
>     Assignee: Suresh Thalamati
>     Priority: Minor
>  Attachments: derby-709.diff
> ERROR 38000: The exception 'java.security.AccessControlException: access denied
> (java.util.PropertyPermission user.dir read)' was thrown while evaluating an exp
> ression)
> Can be seen in the store/encryptionKey.sql test, modify the _app.properties file to enable
the security manager.
> Due to logging messages using File.getCanonicalPath in RawStore.java, lines 675 and 686.
> Possible solutions:
>   - use a privileged block and required user.dir permission granted to user.dir to backup
to a relative directory
>   - use a privileged block,if a security exception is thrown then just display the relative
name, otherwise display the full name. This would allow backups to succeed without requiring
granting additional permissions to derby.jar
>   - just log the relative path

This message is automatically generated by JIRA.
If you think it was sent incorrectly contact one of the administrators:
For more information on JIRA, see:

View raw message