db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Kathey Marsden (JIRA)" <j...@apache.org>
Subject [jira] Commented: (DERBY-2925) Prevent export from overwriting existing files
Date Tue, 31 Jul 2007 03:37:53 GMT

    [ https://issues.apache.org/jira/browse/DERBY-2925?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12516610
] 

Kathey Marsden commented on DERBY-2925:
---------------------------------------

Running suites.All with the patch I see these failures:  Almost as though the permissions
problem has moved.

3) testIllegalOps(org.apache.derbyTesting.functionTests.tests.lang.XMLTypeAndOpsTest)junit.framework.ComparisonFailure:
Unexpected SQL state. expected:<42Z7...> but was:<XJ00...>
        at org.apache.derbyTesting.junit.BaseJDBCTestCase.assertSQLState(BaseJDBCTestCase.java:624)
        at org.apache.derbyTesting.junit.BaseJDBCTestCase.assertSQLState(BaseJDBCTestCase.java:659)
        at org.apache.derbyTesting.junit.BaseJDBCTestCase.assertSQLState(BaseJDBCTestCase.java:673)
        at org.apache.derbyTesting.junit.BaseJDBCTestCase.assertStatementError(BaseJDBCTestCase.java:854)
        at org.apache.derbyTesting.functionTests.tests.lang.XMLTypeAndOpsTest.testIllegalOps(XMLTypeAndOpsTest.java:352)

        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:64)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at org.apache.derbyTesting.junit.BaseTestCase.runBare(BaseTestCase.java:95)
        at junit.extensions.TestDecorator.basicRun(TestDecorator.java:22)
        at junit.extensions.TestSetup$1.protect(TestSetup.java:19)
        at junit.extensions.TestSetup.run(TestSetup.java:23)
        at org.apache.derbyTesting.junit.BaseTestSetup.run(BaseTestSetup.java:57)
Caused by: java.sql.SQLException: Java exception: 'Access denied (java.io.FilePermission xmlexport.del
read): java.secur
ity.AccessControlException'.
        at org.apache.derby.impl.jdbc.SQLExceptionFactory.getSQLException(SQLExceptionFactory.java:45)
        at org.apache.derby.impl.jdbc.Util.newEmbedSQLException(Util.java:88)
        at org.apache.derby.impl.jdbc.Util.javaException(Util.java:245)
        at org.apache.derby.impl.jdbc.TransactionResourceImpl.wrapInSQLException(TransactionResourceImpl.java:403)
        at org.apache.derby.impl.jdbc.TransactionResourceImpl.wrapInSQLException(TransactionResourceImpl.java:398)
        at org.apache.derby.impl.jdbc.TransactionResourceImpl.handleException(TransactionResourceImpl.java:346)
        at org.apache.derby.impl.jdbc.EmbedConnection.handleException(EmbedConnection.java:1572)
        at org.apache.derby.impl.jdbc.ConnectionChild.handleException(ConnectionChild.java:81)
        at org.apache.derby.impl.jdbc.EmbedStatement.executeStatement(EmbedStatement.java:1293)
        at org.apache.derby.impl.jdbc.EmbedPreparedStatement.executeStatement(EmbedPreparedStatement.java:1652)
        at org.apache.derby.impl.jdbc.EmbedCallableStatement.executeStatement(EmbedCallableStatement.java:116)
        at org.apache.derby.impl.jdbc.EmbedPreparedStatement.execute(EmbedPreparedStatement.java:1304)
        at org.apache.derbyTesting.junit.BaseJDBCTestCase.assertStatementError(BaseJDBCTestCase.java:849)
        ... 34 more
Caused by: java.security.AccessControlException: Access denied (java.io.FilePermission xmlexport.del
read)
        at java.security.AccessController.checkPermission(AccessController.java:104)
        at java.lang.SecurityManager.checkPermission(SecurityManager.java:547)
        at java.lang.SecurityManager.checkRead(SecurityManager.java:886)
        at java.io.File.exists(File.java:726)
        at org.apache.derby.iapi.util.PrivilegedFileOps$1.run(PrivilegedFileOps.java:60)
        at java.security.AccessController.doPrivileged(AccessController.java:242)
        at org.apache.derby.iapi.util.PrivilegedFileOps.exists(PrivilegedFileOps.java:57)
        at org.apache.derby.impl.load.Export.dataFileExists(Export.java:146)
        at org.apache.derby.impl.load.Export.doExport(Export.java:57)
        at org.apache.derby.impl.load.Export.exportTable(Export.java:172)
        at org.apache.derby.catalog.SystemProcedures.SYSCS_EXPORT_TABLE(SystemProcedures.java:1128)
        at org.apache.derby.exe.ac592dcde3x0114x19dfx7bc8xffffa650e7100.g0(Unknown Source)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:64)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at org.apache.derby.impl.services.reflect.ReflectMethod.invoke(ReflectMethod.java:46)
        at org.apache.derby.impl.sql.execute.CallStatementResultSet.open(CallStatementResultSet.java:57)
        at org.apache.derby.impl.sql.GenericPreparedStatement.execute(GenericPreparedStatement.java:370)
        at org.apache.derby.impl.jdbc.EmbedStatement.executeStatement(EmbedStatement.java:1203)
        ... 38 more
4) testIllegalOps(org.apache.derbyTesting.functionTests.tests.lang.XMLTypeAndOpsTest)junit.framework.ComparisonFailure:
Unexpected SQL state. expected:<42Z7...> but was:<XJ00...>
        at org.apache.derbyTesting.junit.BaseJDBCTestCase.assertSQLState(BaseJDBCTestCase.java:624)
        at org.apache.derbyTesting.junit.BaseJDBCTestCase.assertSQLState(BaseJDBCTestCase.java:659)
        at org.apache.derbyTesting.junit.BaseJDBCTestCase.assertSQLState(BaseJDBCTestCase.java:673)
        at org.apache.derbyTesting.junit.BaseJDBCTestCase.assertStatementError(BaseJDBCTestCase.java:854)
        at org.apache.derbyTesting.functionTests.tests.lang.XMLTypeAndOpsTest.testIllegalOps(XMLTypeAndOpsTest.java:352)

        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:64)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at org.apache.derbyTesting.junit.BaseTestCase.runBare(BaseTestCase.java:95)
        at junit.extensions.TestDecorator.basicRun(TestDecorator.java:22)
        at junit.extensions.TestSetup$1.protect(TestSetup.java:19)
        at junit.extensions.TestSetup.run(TestSetup.java:23)
        at org.apache.derbyTesting.junit.BaseTestSetup.run(BaseTestSetup.java:57)
        at junit.extensions.TestDecorator.basicRun(TestDecorator.java:22)
        at junit.extensions.TestSetup$1.protect(TestSetup.java:19)
        at junit.extensions.TestSetup.run(TestSetup.java:23)
        at junit.extensions.TestDecorator.basicRun(TestDecorator.java:22)
        at junit.extensions.TestSetup$1.protect(TestSetup.java:19)
        at junit.extensions.TestSetup.run(TestSetup.java:23)
        at org.apache.derbyTesting.junit.BaseTestSetup.run(BaseTestSetup.java:57)
Caused by: java.sql.SQLException: Java exception: 'Access denied (java.io.FilePermission xmlexport.del
read): java.secur
ity.AccessControlException'.
        at org.apache.derby.client.am.SQLExceptionFactory.getSQLException(SQLExceptionFactory.java:46)
        at org.apache.derby.client.am.SqlException.getSQLException(SqlException.java:362)
        at org.apache.derby.client.am.SqlException.getSQLException(SqlException.java:371)
        at org.apache.derby.client.am.PreparedStatement.execute(PreparedStatement.java:1572)
        at org.apache.derbyTesting.junit.BaseJDBCTestCase.assertStatementError(BaseJDBCTestCase.java:849)
        ... 43 more
Caused by: org.apache.derby.client.am.SqlException: Java exception: 'Access denied (java.io.FilePermission
xmlexport.del
 read): java.security.AccessControlException'.
        at org.apache.derby.client.am.SqlException.<init>(SqlException.java:290)
        at org.apache.derby.client.am.SqlException.<init>(SqlException.java:264)
        at org.apache.derby.client.am.Statement.completeExecute(Statement.java:1498)
        at org.apache.derby.client.net.NetStatementReply.parseEXCSQLSTTreply(NetStatementReply.java:304)
        at org.apache.derby.client.net.NetStatementReply.readExecuteCall(NetStatementReply.java:105)
        at org.apache.derby.client.net.StatementReply.readExecuteCall(StatementReply.java:75)
        at org.apache.derby.client.net.NetStatement.readExecuteCall_(NetStatement.java:176)
        at org.apache.derby.client.am.Statement.readExecuteCall(Statement.java:1464)
        at org.apache.derby.client.am.PreparedStatement.flowExecute(PreparedStatement.java:2158)
        at org.apache.derby.client.am.PreparedStatement.executeX(PreparedStatement.java:1578)
        at org.apache.derby.client.am.PreparedStatement.execute(PreparedStatement.java:1563)
        ... 44 more


> Prevent export from overwriting existing files
> ----------------------------------------------
>
>                 Key: DERBY-2925
>                 URL: https://issues.apache.org/jira/browse/DERBY-2925
>             Project: Derby
>          Issue Type: Sub-task
>          Components: Security, Tools
>    Affects Versions: 10.1.2.1, 10.2.2.0, 10.3.1.3, 10.4.0.0
>            Reporter: Kathey Marsden
>            Assignee: Ramin Moazeni
>         Attachments: DERBY-2925v0.diff, DERBY-2925v0.stat, DERBY-2925v1.diff, DERBY-2925v1.stat,
DERBY-2925v2.diff, DERBY-2925v2.stat, DERBY-2925v3.diff, DERBY-2925v3.stat, DERBY-2925v4.diff,
DERBY-2925v4.stat, DERBY-2925v5.diff, DERBY-2925v5.stat, releaseNotev0.html
>
>
> Export should not overwrite existing files, but rather insist that the user remove them
before writing to the file.  This will help prevent accidental or intentional corruption of
the database with export.  This may introduce a compatibility issue with export but because
export is usually an attended utility and not typically invoked as part of an application,
I think the risk is worth the additional security this will provide.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message