db-derby-dev mailing list archives

From "Daniel John Debrunner (JIRA)" <derby-...@db.apache.org>
Subject [jira] Commented: (DERBY-623) Derby monitor accesses two system properties without using a privileged block when built sane=true
Date Wed, 08 Mar 2006 17:04:39 GMT
    [ http://issues.apache.org/jira/browse/DERBY-623?page=comments#action_12369497 ] 

Daniel John Debrunner commented on DERBY-623:
---------------------------------------------

The changes to reading system properties are really outside the scope of this bug. I actually think that the original code should be removed; ideally the debug (sane) server should not behave differently to the non-debug (insane) server. There is already a mechanism that works in both sane and insane for adding additional modules, debug or otherwise. That is having an additional modules.properties in the class path.

I believe the code of having system properties set modules should be removed because it can be a security risk, that is enabled by just allowing the derby engine to read system properties. Then malicious code has the possibility to change runtime modules, by setting system properties, such as changing the authentication module to allow any user. That's why the code is not security manager enabled at the moment, though that is not a complete solution; removing the code would be better.

> Derby monitor accesses two system properties without using a privileged block when built sane=true
> --------------------------------------------------------------------------------------------------
>
>          Key: DERBY-623
>          URL: http://issues.apache.org/jira/browse/DERBY-623
>      Project: Derby
>         Type: Bug
>   Components: Services
>     Versions: 10.2.0.0
>     Reporter: Daniel John Debrunner
>     Assignee: Kristian Waagan
>     Priority: Minor
>  Attachments: DERBY-623-1a.diff, DERBY-623-1a.stat, DERBY-623-2b-javadoc.diff, DERBY-623-2b-javadoc.stat
>
> When built with sane=true and testing with the jars these permissions are required to be granted all the way up the stack, currently this means for the tests granting them to the network server jar.
>   permission java.util.PropertyPermission "derby.monitor.verbose", "read";
>   permission java.util.PropertyPermission "derby.debug.*", "read";
> The engine contains code to read system properties using privileged blocks, this should be used by the monitor.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
   http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
   http://www.atlassian.com/software/jira
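
As an added illustration, not part of the original message and not Derby's own code: a privileged-block property read of the kind the issue description refers to, limited to the two permissions listed there. The class name `PrivilegedPropertyReader` and the sample property names and values are assumptions; `AccessController` belongs to the Java security-manager model of that era and is deprecated in current JDKs.

```java
import java.security.AccessController;
import java.security.PrivilegedAction;

// Hypothetical helper for illustration; not a Derby class.
public final class PrivilegedPropertyReader {

    // The two property permissions named in the issue description.
    private static final String VERBOSE_KEY = "derby.monitor.verbose";
    private static final String DEBUG_PREFIX = "derby.debug.";

    private PrivilegedPropertyReader() {}

    /**
     * Reads a system property inside a privileged block, so the
     * PropertyPermission check stops at this class's protection domain
     * instead of walking up to every caller's jar.
     * The key is restricted to the two families above: a privileged read
     * of an arbitrary caller-supplied key would hand any caller the
     * read permissions granted to this jar.
     */
    static String read(final String key) {
        if (!VERBOSE_KEY.equals(key) && !key.startsWith(DEBUG_PREFIX)) {
            throw new IllegalArgumentException("not readable here: " + key);
        }
        try {
            // The cast selects PrivilegedAction over PrivilegedExceptionAction.
            return AccessController.doPrivileged(
                (PrivilegedAction<String>) () -> System.getProperty(key));
        } catch (SecurityException se) {
            // This jar itself was not granted the permission: treat as unset.
            return null;
        }
    }

    public static void main(String[] args) {
        // Constructed sample values.
        System.setProperty(VERBOSE_KEY, "true");
        System.setProperty("derby.debug.example", "on");

        System.out.println(VERBOSE_KEY + " = " + read(VERBOSE_KEY));
        System.out.println("derby.debug.example = " + read("derby.debug.example"));
        try {
            read("user.home");
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

With a helper of this shape, the policy file grants the two `PropertyPermission` entries only to the jar containing the helper, not to every jar on the call stack.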

