db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Myrna van Lunteren (JIRA)" <derby-...@db.apache.org>
Subject [jira] Updated: (DERBY-622) sysinfo incorrectly requires permission on Derby jar files
Date Fri, 10 Mar 2006 01:58:40 GMT
     [ http://issues.apache.org/jira/browse/DERBY-622?page=all ]

Myrna van Lunteren updated DERBY-622:

    Attachment: DERBY-622_step1.diff

M      java\tools\org\apache\derby\impl\tools\sysinfo\Main.java

This patch - DERBY-622_step1.diff - adds privileged blocks around the getResourceAsStream
sections in use.
This is a first step, it didn't have the result I expected. Maybe someone can review and see
if I did something really dumb....

> sysinfo incorrectly requires permission on Derby jar files
> ----------------------------------------------------------
>          Key: DERBY-622
>          URL: http://issues.apache.org/jira/browse/DERBY-622
>      Project: Derby
>         Type: Bug
>   Components: Security, Tools
>     Versions:
>     Reporter: Daniel John Debrunner
>     Priority: Minor
>      Fix For:
>  Attachments: DERBY-622_step1.diff
> Running the test derbynet/sysinfo.java requires this permission in derby_tests.policy,
in order to read the jar files.
> permission java.io.FilePermission "${csinfo.codedir}${/}*", "read"
> But according to the Java security specs:
> 'Note: code can always read a file from the same directory it's in (or a subdirectory
of that directory); it does not need explicit permission to do so.'
> Probably means a privileged block is required when accessing the contents of the jar
files in sysinfo

This message is automatically generated by JIRA.
If you think it was sent incorrectly contact one of the administrators:
For more information on JIRA, see:

View raw message