Message-ID: <1270832778.1228754084418.JavaMail.jira@brutus>
Date: Mon, 8 Dec 2008 08:34:44 -0800 (PST)
From: "Kathey Marsden (JIRA)"
To: derby-dev@db.apache.org
Subject: [jira] Assigned: (DERBY-1487) Use of getCanonicalPath() in sysinfo causes a SecurityException
In-Reply-To: <31595588.1152341069866.JavaMail.jira@brutus>

     [ https://issues.apache.org/jira/browse/DERBY-1487?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Kathey Marsden reassigned DERBY-1487:
-------------------------------------

    Assignee:     (was: Andrew McIntyre)

> Use of getCanonicalPath() in sysinfo causes a SecurityException
> ---------------------------------------------------------------
>
>                 Key: DERBY-1487
>                 URL: https://issues.apache.org/jira/browse/DERBY-1487
>             Project: Derby
>          Issue Type: Bug
>          Components: Tools
>    Affects Versions: 10.1.3.1, 10.2.1.6
>         Environment: Windows XP. I could not reproduce the issue on Mac OS X.
>            Reporter: Andrew McIntyre
>            Priority: Minor
>
> From DERBY-1272:
> Here's the full stack for the SecurityException found by the errorStream test with the -v4 patch applied:
> Test errorStream failed: access denied (java.io.FilePermission C:\derby-trunk\classes read)
>     at java.security.AccessController.checkPermission(AccessController.java:401)
>     at java.lang.SecurityManager.checkPermission(SecurityManager.java:524)
>     at java.lang.SecurityManager.checkRead(SecurityManager.java:863)
>     at java.io.File.exists(File.java:678)
>     at java.io.Win32FileSystem.canonicalize(Win32FileSystem.java:360)
>     at java.io.File.getCanonicalPath(File.java:513)
>     at org.apache.derby.impl.tools.sysinfo.Main.formatURL(Main.java:1206)
>     at org.apache.derby.impl.tools.sysinfo.Main.loadZipFromResource(Main.java:831)
>     at org.apache.derby.impl.tools.sysinfo.Main.getAllInfo(Main.java:735)
>     at org.apache.derby.impl.tools.sysinfo.Main.reportDerby(Main.java:212)
>     at org.apache.derby.impl.tools.sysinfo.Main.getMainInfo(Main.java:119)
>     at org.apache.derby.tools.sysinfo.getInfo(sysinfo.java:200)
>     at org.apache.derby.impl.services.monitor.BaseMonitor.dumpTempWriter(BaseMonitor.java:1949)
>     at org.apache.derby.impl.services.monitor.BaseMonitor.runWithState(BaseMonitor.java:383)
>     at org.apache.derby.impl.services.monitor.FileMonitor.<init>(FileMonitor.java:59)
>     at org.apache.derby.iapi.services.monitor.Monitor.startMonitor(Monitor.java:288)
>     at org.apache.derby.iapi.jdbc.JDBCBoot.boot(JDBCBoot.java:68)
>     at org.apache.derby.jdbc.EmbeddedDriver.boot(EmbeddedDriver.java:178)
> The problem would appear to be that we explicitly need java.io.FilePermission read on the classes directory, even though this directory contains the classes we are currently running against. This may be a problem with java.io.File.getCanonicalPath(), but it may also be a problem with sysinfo.
> org.apache.derby.impl.tools.sysinfo.Main.formatURL(Main.java:1206) is:
>     result = new File(filename).getCanonicalPath().replace('/', File.separatorChar);
> The Sun Windows JVM may throw a SecurityException by default in the most restricted environments. From the javadoc for File.getCanonicalPath():
> "If a required system property value cannot be accessed, or if a security manager exists and its SecurityManager.checkRead(java.io.FileDescriptor) method denies read access to the file"
> Some investigation is required to determine whether or not this is a Windows-specific issue or if it is reproducible on other platforms. It has already been found to not be reproducible on Mac OS X. I'm curious why this exception is not thrown when running sysinfo standalone with a security manager without a policy file, since presumably this permission would not have been granted to sysinfo and the same code path should be used in both cases.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
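
A defensive variant of the `formatURL` line quoted in the issue, as an added example that is not Derby's code and not the fix adopted for DERBY-1487. The class and method names are hypothetical, and it assumes a diagnostic report should fall back to a less precise path rather than abort when the security manager denies the read.

```java
import java.io.File;
import java.io.IOException;

// Hypothetical helper for illustration; not part of org.apache.derby.
public class PathForReport {

    /**
     * Returns the most precise form of the path that the current security
     * policy allows: canonical, then absolute, then the name as given.
     */
    static String format(String filename) {
        File f = new File(filename);
        try {
            // In the stack trace above, Win32FileSystem.canonicalize calls
            // File.exists(), which a security manager checks as a file read.
            // Without FilePermission "read" this throws SecurityException.
            return normalize(f.getCanonicalPath());
        } catch (SecurityException | IOException e) {
            // Denied or unresolvable: try a form that needs no file access.
        }
        try {
            // getAbsolutePath() does not touch the file, but resolving a
            // relative name reads the user.dir system property, which can
            // also be denied under a restrictive policy.
            return normalize(f.getAbsolutePath());
        } catch (SecurityException e) {
            // Last resort: report the name exactly as it was supplied.
            return normalize(filename);
        }
    }

    // Same separator handling as the line quoted from Main.java.
    private static String normalize(String path) {
        return path.replace('/', File.separatorChar);
    }

    public static void main(String[] args) {
        // Constructed sample inputs: a relative and a dotted path.
        for (String name : new String[] {"classes", "./classes/../classes"}) {
            System.out.println(name + " -> " + format(name));
        }
    }
}
```

The alternative is to leave the code unchanged and grant the permission named in the exception message (`java.io.FilePermission` on the classes directory, action `read`) in the policy file used by the test.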