Return-Path: Delivered-To: apmail-db-derby-dev-archive@www.apache.org Received: (qmail 57816 invoked from network); 30 Mar 2006 08:04:52 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (209.237.227.199) by minotaur.apache.org with SMTP; 30 Mar 2006 08:04:52 -0000 Received: (qmail 19895 invoked by uid 500); 30 Mar 2006 08:04:52 -0000 Delivered-To: apmail-db-derby-dev-archive@db.apache.org Received: (qmail 19672 invoked by uid 500); 30 Mar 2006 08:04:51 -0000 Mailing-List: contact derby-dev-help@db.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: Delivered-To: mailing list derby-dev@db.apache.org Received: (qmail 19662 invoked by uid 99); 30 Mar 2006 08:04:50 -0000 Received: from asf.osuosl.org (HELO asf.osuosl.org) (140.211.166.49) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 30 Mar 2006 00:04:50 -0800 X-ASF-Spam-Status: No, hits=0.0 required=10.0 tests= X-Spam-Check-By: apache.org Received: from [192.87.106.226] (HELO ajax.apache.org) (192.87.106.226) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 30 Mar 2006 00:04:50 -0800 Received: from ajax (localhost.localdomain [127.0.0.1]) by ajax.apache.org (Postfix) with ESMTP id 7BDE36ACAF for ; Thu, 30 Mar 2006 09:04:29 +0100 (BST) Message-ID: <2097108853.1143705869504.JavaMail.jira@ajax> Date: Thu, 30 Mar 2006 09:04:29 +0100 (BST) From: "Andrew McIntyre (JIRA)" To: derby-dev@db.apache.org Subject: [jira] Commented: (DERBY-622) sysinfo incorrectly requires permission on Derby jar files In-Reply-To: <337640581.1129210626474.JavaMail.jira@ajax.apache.org> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-Virus-Checked: Checked by ClamAV on apache.org X-Spam-Rating: minotaur.apache.org 1.6.2 0/1000/N [ http://issues.apache.org/jira/browse/DERBY-622?page=comments#action_12372392 ] Andrew McIntyre commented on DERBY-622: --------------------------------------- Sorry, mistake in that last comment. Getting late here. :-) It should have read: I can confirm that with or without the change in the _step1 patch, and *with* the policy file change to remove the lines... Without any changes to the policy file, there is no change in the behavior of the tests, which is why I opted to commit the _step1 patch as-is. > sysinfo incorrectly requires permission on Derby jar files > ---------------------------------------------------------- > > Key: DERBY-622 > URL: http://issues.apache.org/jira/browse/DERBY-622 > Project: Derby > Type: Bug > Components: Security, Tools > Versions: 10.2.0.0 > Reporter: Daniel John Debrunner > Priority: Minor > Fix For: 10.2.0.0 > Attachments: DERBY-622_step1.diff > > Running the test derbynet/sysinfo.java requires this permission in derby_tests.policy, in order to read the jar files. > permission java.io.FilePermission "${csinfo.codedir}${/}*", "read" > But according to the Java security specs: > 'Note: code can always read a file from the same directory it's in (or a subdirectory of that directory); it does not need explicit permission to do so.' > Probably means a privileged block is required when accessing the contents of the jar files in sysinfo -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira