db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Myrna van Lunteren (JIRA)" <derby-...@db.apache.org>
Subject [jira] Commented: (DERBY-622) sysinfo incorrectly requires permission on Derby jar files
Date Fri, 10 Mar 2006 02:06:41 GMT
    [ http://issues.apache.org/jira/browse/DERBY-622?page=comments#action_12369771 ] 

Myrna van Lunteren commented on DERBY-622:
------------------------------------------

Without the step 1 patch, and without the lines currently in the derby_tests.policy file for
derbynet.jar and derby.jar:
  permission java.io.FilePermission "${derbyTesting.codedir}${/}*", "read";

the test will fail with output like this in the .tmp:
- - - - - - - - - - - - - - - - - - - - - - - - -
 ------------------ Java Information ------------------
Java Version:    1.4.2_07
Java Vendor:     Sun Microsystems Inc.
Java home:       Security Exception: java.security.AccessControlException: access denied (java.util.PropertyPermission
java.home read)
Java classpath:  Security Exception: java.security.AccessControlException: access denied (java.util.PropertyPermission
java.class.path read)
OS name:         Windows 2000
OS architecture: x86
OS version:      5.0
Java user name:  Security Exception: java.security.AccessControlException: access denied (java.util.PropertyPermission
user.name read)
Java user home:  C:\Documents and Settings\Administrator
Java user dir:   Security Exception: java.security.AccessControlException: access denied (java.util.PropertyPermission
user.dir read)
java.specification.name: Java Platform API Specification
java.specification.version: 1.4
--------- Derby Information --------
JRE - JDBC: J2SE 1.4.2 - JDBC 3.0
No Derby System info found!
------------------------------------------------------
----------------- Locale Information -----------------
------------------------------------------------------

End test
Testing Sysinfo (method)
- - - - - - - - - - - - 
Note that the sed-processing removes the Java info section.

With the patch, we see this:
- - - - - - - - - - - - 
------------------ Java Information ------------------
Java Version:    1.4.2_07
Java Vendor:     Sun Microsystems Inc.
Java home:       Security Exception: java.security.AccessControlException: access denied (java.util.PropertyPermission
java.home read)
Java classpath:  Security Exception: java.security.AccessControlException: access denied (java.util.PropertyPermission
java.class.path read)
OS name:         Windows 2000
OS architecture: x86
OS version:      5.0
Java user name:  Security Exception: java.security.AccessControlException: access denied (java.util.PropertyPermission
user.name read)
Java user home:  C:\Documents and Settings\Administrator
Java user dir:   Security Exception: java.security.AccessControlException: access denied (java.util.PropertyPermission
user.dir read)
java.specification.name: Java Platform API Specification
java.specification.version: 1.4
--------- Derby Information --------
JRE - JDBC: J2SE 1.4.2 - JDBC 3.0
[/org/apache/derby/info/DBMS.properties] 10.2.0.0 alpha - (384366M)
------------------------------------------------------
----------------- Locale Information -----------------
------------------------------------------------------

End test
Testing Sysinfo (method)
- - - - - - - - -

So, not much of an improvement...

(Note, by the way, also, that in the mean time we ought to have another line in the derby_tests.policy
file for the case that derbytools.jar is the first in the classpath - I guess everyone always
puts derby.jar first...)



> sysinfo incorrectly requires permission on Derby jar files
> ----------------------------------------------------------
>
>          Key: DERBY-622
>          URL: http://issues.apache.org/jira/browse/DERBY-622
>      Project: Derby
>         Type: Bug
>   Components: Security, Tools
>     Versions: 10.2.0.0
>     Reporter: Daniel John Debrunner
>     Priority: Minor
>      Fix For: 10.2.0.0
>  Attachments: DERBY-622_step1.diff
>
> Running the test derbynet/sysinfo.java requires this permission in derby_tests.policy,
in order to read the jar files.
> permission java.io.FilePermission "${csinfo.codedir}${/}*", "read"
> But according to the Java security specs:
> 'Note: code can always read a file from the same directory it's in (or a subdirectory
of that directory); it does not need explicit permission to do so.'
> Probably means a privileged block is required when accessing the contents of the jar
files in sysinfo

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
   http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
   http://www.atlassian.com/software/jira


Mime
View raw message