Return-Path: Delivered-To: apmail-db-derby-dev-archive@www.apache.org Received: (qmail 32132 invoked from network); 15 Nov 2007 23:34:04 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 15 Nov 2007 23:34:04 -0000 Received: (qmail 54188 invoked by uid 500); 15 Nov 2007 23:33:51 -0000 Delivered-To: apmail-db-derby-dev-archive@db.apache.org Received: (qmail 54068 invoked by uid 500); 15 Nov 2007 23:33:51 -0000 Mailing-List: contact derby-dev-help@db.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: Delivered-To: mailing list derby-dev@db.apache.org Received: (qmail 54058 invoked by uid 99); 15 Nov 2007 23:33:51 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 15 Nov 2007 15:33:51 -0800 X-ASF-Spam-Status: No, hits=-100.0 required=10.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.4] (HELO brutus.apache.org) (140.211.11.4) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 15 Nov 2007 23:33:49 +0000 Received: from brutus (localhost [127.0.0.1]) by brutus.apache.org (Postfix) with ESMTP id 1375E714208 for ; Thu, 15 Nov 2007 15:33:43 -0800 (PST) Message-ID: <15287996.1195169623064.JavaMail.jira@brutus> Date: Thu, 15 Nov 2007 15:33:43 -0800 (PST) From: "Kathey Marsden (JIRA)" To: derby-dev@db.apache.org Subject: [jira] Commented: (DERBY-2564) ContextService.notifyAllActiveThreads() needs a privileged block around the call to Thread.interrupt() In-Reply-To: <32762245.1176913515284.JavaMail.jira@brutus> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-Virus-Checked: Checked by ClamAV on apache.org [ https://issues.apache.org/jira/browse/DERBY-2564?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12542909 ] Kathey Marsden commented on DERBY-2564: --------------------------------------- So I guess in summary we do need a privilege block, but we don't need to modify our template policy file for this issue. Is that correct? > ContextService.notifyAllActiveThreads() needs a privileged block around the call to Thread.interrupt() > ------------------------------------------------------------------------------------------------------ > > Key: DERBY-2564 > URL: https://issues.apache.org/jira/browse/DERBY-2564 > Project: Derby > Issue Type: Bug > Components: Security > Affects Versions: 10.0.2.0, 10.0.2.1, 10.1.1.0, 10.1.2.1, 10.1.3.1, 10.2.1.6, 10.2.2.0 > Reporter: Rick Hillegas > > It looks to me as though the call to interrupt() can raise a SecurityException. I think this may give rise to another permission that we need to add to our template policy file and to our security documentation. -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.