Return-Path: Delivered-To: apmail-db-derby-dev-archive@www.apache.org Received: (qmail 93085 invoked from network); 20 Nov 2007 18:14:12 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 20 Nov 2007 18:14:12 -0000 Received: (qmail 36519 invoked by uid 500); 20 Nov 2007 18:13:54 -0000 Delivered-To: apmail-db-derby-dev-archive@db.apache.org Received: (qmail 36383 invoked by uid 500); 20 Nov 2007 18:13:53 -0000 Mailing-List: contact derby-dev-help@db.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: Delivered-To: mailing list derby-dev@db.apache.org Received: (qmail 36318 invoked by uid 99); 20 Nov 2007 18:13:53 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 20 Nov 2007 10:13:53 -0800 X-ASF-Spam-Status: No, hits=-100.0 required=10.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.4] (HELO brutus.apache.org) (140.211.11.4) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 20 Nov 2007 18:13:50 +0000 Received: from brutus (localhost [127.0.0.1]) by brutus.apache.org (Postfix) with ESMTP id 55CA2714244 for ; Tue, 20 Nov 2007 10:13:44 -0800 (PST) Message-ID: <16028783.1195582424349.JavaMail.jira@brutus> Date: Tue, 20 Nov 2007 10:13:44 -0800 (PST) From: "Daniel John Debrunner (JIRA)" To: derby-dev@db.apache.org Subject: [jira] Reopened: (DERBY-3086) The server policy needs to grant derbynet.jar more permissions so that sysinfo and drda tracing will work In-Reply-To: <21933502.1190749490713.JavaMail.jira@brutus> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-Virus-Checked: Checked by ClamAV on apache.org [ https://issues.apache.org/jira/browse/DERBY-3086?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Daniel John Debrunner reopened DERBY-3086: ------------------------------------------ Two issues: +grant codeBase "${derby.install.url}derbyclient.jar" +grant codeBase "${derby.install.url}derbytesting.jar" 1) Policy file modified by this change assumes that derbyTesting.jar lives in the same folder as the other Derby jars, this is not true for a release. 2) The name of the testing jar is derbyTesting.jar, not derbytesting.jar > The server policy needs to grant derbynet.jar more permissions so that sysinfo and drda tracing will work > --------------------------------------------------------------------------------------------------------- > > Key: DERBY-3086 > URL: https://issues.apache.org/jira/browse/DERBY-3086 > Project: Derby > Issue Type: Bug > Components: Security > Affects Versions: 10.3.1.4 > Reporter: Rick Hillegas > Assignee: Rick Hillegas > Attachments: derby-3086-01-morePermissions-aa.diff, derby-3086-01-morePermissions-ab.diff, derby-3086-01-morePermissions-ac.diff > > > More permissions need to be granted to derbynet.jar in the server.policy file. David van Couvering reports that if you bring up the server and run the following command: > java -jar derbyrun.jar server sysinfo > then you get security exceptions as the sysinfo code, running inside the network jarball tries to read user.dir, user.home, user.name, java.home, and java.class.path. > Kathey Marsden reports that if you try to run the network server with drda tracing turned on, then you get security exceptions when the server tries to open the trace log file. -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.