db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Rick Hillegas (JIRA)" <j...@apache.org>
Subject [jira] Updated: (DERBY-3086) The server policy needs to grant derbynet.jar more permissions so that sysinfo and drda tracing will work
Date Mon, 05 Nov 2007 23:54:50 GMT

     [ https://issues.apache.org/jira/browse/DERBY-3086?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel

Rick Hillegas updated DERBY-3086:

    Attachment: derby-3086-01-morePermissions-aa.diff

Attaching derby-3086-04-morePermissions-aa.diff. This adds more permissions to server.policy
and template.policy to facilitate server tracing and sysinfo when a security manager is installed.

One thing that puzzles me is the fact that sysinfo lives in 3 jar files: derbytools.jar, derby.jar,
and derbynet.jar. That means that identical permissions have to be granted to all three code
domains--because you don't know what order the jars will appear in the classpath. Is this
duplication really necessary? Is it a bug that sysinfo lives in 3 jars instead of just one?

This patch touches the following files. Tests must be added later:

M      java/tools/org/apache/derby/impl/tools/sysinfo/Main.java

Adds privileged blocks around system calls.

M      java/drda/org/apache/derby/drda/NetworkServerControl.java

Sets derby.drda.traceDirectory if it isn't already set. This allows us to parameterize the
corresponding permission grant.

M      java/drda/org/apache/derby/drda/server.policy
M      java/drda/org/apache/derby/drda/template.policy

Additional permission grants.

> The server policy needs to grant derbynet.jar more permissions so that sysinfo and drda
tracing will work
> ---------------------------------------------------------------------------------------------------------
>                 Key: DERBY-3086
>                 URL: https://issues.apache.org/jira/browse/DERBY-3086
>             Project: Derby
>          Issue Type: Bug
>          Components: Security
>    Affects Versions:
>            Reporter: Rick Hillegas
>            Assignee: Rick Hillegas
>         Attachments: derby-3086-01-morePermissions-aa.diff
> More permissions need to be granted to derbynet.jar in the server.policy file. David
van Couvering reports that if you bring up the server and run the following command:
> java -jar derbyrun.jar server sysinfo
> then you get security exceptions as the sysinfo code, running inside the network jarball
tries to read user.dir, user.home, user.name, java.home, and java.class.path.
> Kathey Marsden reports that  if you try to run the network server with drda tracing turned
on, then you get security exceptions when the server tries to open the trace log file.

This message is automatically generated by JIRA.
You can reply to this email to add a comment to the issue online.

View raw message