db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Myrna van Lunteren (JIRA)" <derby-...@db.apache.org>
Subject [jira] Updated: (DERBY-622) sysinfo incorrectly requires permission on Derby jar files
Date Fri, 10 Mar 2006 01:58:40 GMT
     [ http://issues.apache.org/jira/browse/DERBY-622?page=all ]

Myrna van Lunteren updated DERBY-622:
-------------------------------------

    Attachment: DERBY-622_step1.diff

M      java\tools\org\apache\derby\impl\tools\sysinfo\Main.java

This patch - DERBY-622_step1.diff - adds privileged blocks around the getResourceAsStream
sections in use.
This is a first step, it didn't have the result I expected. Maybe someone can review and see
if I did something really dumb....

> sysinfo incorrectly requires permission on Derby jar files
> ----------------------------------------------------------
>
>          Key: DERBY-622
>          URL: http://issues.apache.org/jira/browse/DERBY-622
>      Project: Derby
>         Type: Bug
>   Components: Security, Tools
>     Versions: 10.2.0.0
>     Reporter: Daniel John Debrunner
>     Priority: Minor
>      Fix For: 10.2.0.0
>  Attachments: DERBY-622_step1.diff
>
> Running the test derbynet/sysinfo.java requires this permission in derby_tests.policy,
in order to read the jar files.
> permission java.io.FilePermission "${csinfo.codedir}${/}*", "read"
> But according to the Java security specs:
> 'Note: code can always read a file from the same directory it's in (or a subdirectory
of that directory); it does not need explicit permission to do so.'
> Probably means a privileged block is required when accessing the contents of the jar
files in sysinfo

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
   http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
   http://www.atlassian.com/software/jira


Mime
View raw message