db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Kristian Waagan (JIRA)" <derby-...@db.apache.org>
Subject [jira] Updated: (DERBY-623) Derby monitor accesses two system properties without using a privileged block when built sane=true
Date Tue, 07 Mar 2006 10:07:41 GMT
     [ http://issues.apache.org/jira/browse/DERBY-623?page=all ]

Kristian Waagan updated DERBY-623:
----------------------------------

    Attachment: DERBY-623-1a.diff
                DERBY-623-1a.stat

'DERBY-623-1a.diff' is a patch changing BaseMonitor to use privileged blocks for reading system
properties and also removing the workaround permissions granted in 'derby_tests.policy'. 

Reading of specific properties are done with 'PropertyUtil.getSystemProperty()'.
Besides general feedback, I would like feedback on the following issues:

1) I have not separated reading all system properties (System.getProperties) into its own
method, because this is done only here (and one place in testing code). It is also something
we should in general not do. Further, keeping it inside the sanity block removes it in insane
builds.

2) Should the swallowed exception be logged somewhere?

3) Is the order of the 'startServices' calls important? If not, I would move the call inside
the sanity block to the end. I also removed the call for insane builds, since the variable
passed in is only set for sane builds.

The patch is a mix of my own work and the patch I got by Rick Hillegas on derby-dev (subject
'Security manager problems with Class.forName()').


> Derby monitor accesses two system properties without using a privileged block when built
sane=true
> --------------------------------------------------------------------------------------------------
>
>          Key: DERBY-623
>          URL: http://issues.apache.org/jira/browse/DERBY-623
>      Project: Derby
>         Type: Bug
>   Components: Services
>     Versions: 10.2.0.0
>     Reporter: Daniel John Debrunner
>     Assignee: Kristian Waagan
>     Priority: Minor
>  Attachments: DERBY-623-1a.diff, DERBY-623-1a.stat, DERBY-623-2b-javadoc.diff, DERBY-623-2b-javadoc.stat
>
> When built with sane=true and testing with the jars these permissions are required to
be granted all the way up the stack, currently this means for the tests granting them to the
network server jar.
>   permission java.util.PropertyPermission "derby.monitor.verbose", "read";
>   permission java.util.PropertyPermission "derby.debug.*", "read";
> The engine contains code to read system properties using privileged blocks, this should
be used by the monitor.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
   http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
   http://www.atlassian.com/software/jira


Mime
View raw message