db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Kathey Marsden (JIRA)" <j...@apache.org>
Subject [jira] Updated: (DERBY-4287) call to System.getProperty in BCClass.java is not wrapped in a priv block so may fail when running under SecurityManager
Date Thu, 25 Jun 2009 23:56:07 GMT

     [ https://issues.apache.org/jira/browse/DERBY-4287?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Kathey Marsden updated DERBY-4287:
----------------------------------

    Attachment: fost.zip

I think perhaps the behavior I was seeing where  an unwrapped FileOutputStream creation failed
to throw an exception is an IBM 1.6 bug.  The attached program (in fost.zip) does not throw
an exception with IBM 1.6, but does with Sun 1.6 and  IBM 1.5.

To run change the script runfost.sh to have the class/policy file location for fostloc and
run the script ./runfost.sh

IBM 1.6 will complete and create the file myfile.out. Other jvms throw an Exception:
Exception in thread "main" java.security.AccessControlException: access denied (java.io.FilePermission
myfile.out write)

        at java.security.AccessControlContext.checkPermission(AccessControlContext.java:323)
        at java.security.AccessController.checkPermission(AccessController.java:546)
        at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
        at java.lang.SecurityManager.checkWrite(SecurityManager.java:962)
        at java.io.FileOutputStream.<init>(FileOutputStream.java:169)
        at java.io.FileOutputStream.<init>(FileOutputStream.java:131)
        at FileOutputStreamTest.main(FileOutputStreamTest.java:29)

(You can also run with the "withdopriv" option to wrap the call correctly) 
I will try to find some documentation that the doPrivileged should be  required when running
under security manager.



> call to System.getProperty in BCClass.java is not wrapped in a priv block so may fail
when running under SecurityManager
> ------------------------------------------------------------------------------------------------------------------------
>
>                 Key: DERBY-4287
>                 URL: https://issues.apache.org/jira/browse/DERBY-4287
>             Project: Derby
>          Issue Type: Bug
>          Components: Services
>    Affects Versions: 10.1.3.1, 10.2.2.0, 10.3.3.0, 10.4.2.0, 10.5.1.1, 10.6.0.0
>            Reporter: Kathey Marsden
>            Assignee: Kathey Marsden
>            Priority: Minor
>         Attachments: derby-4287_diff.txt, fost.zip
>
>
> I noticed in org.apache.derby.impl.services.bytecode.BCClass.java we have this code:
> 			String systemHome = System.getProperty(Property.SYSTEM_HOME_PROPERTY,".");
> 				writeClassFile(systemHome,false,null);
> which will fail when run under security manager because we have no privilege block.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message