db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Kathey Marsden (JIRA)" <j...@apache.org>
Subject [jira] Commented: (DERBY-4287) call to System.getProperty in BCClass.java is not wrapped in a priv block so may fail when running under SecurityManager
Date Wed, 24 Jun 2009 00:36:07 GMT

    [ https://issues.apache.org/jira/browse/DERBY-4287?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12723382#action_12723382
] 

Kathey Marsden commented on DERBY-4287:
---------------------------------------

confirmed the problem by starting network server with the default security manager and running
ij> connect 'jdbc:derby://localhost:1527/wombat';
ij> select count(*) from sys.systables;

Trace in the derby.log is:
NID = 1), (DATABASE = wombat), (DRDAID = NF000001.GA72-580400156173718907{1}), Failed Statement
is: select count(*) from sys.systables

java.security.AccessControlException: Access denied (java.util.PropertyPermission derby.system.home
read)

	at java.security.AccessControlException.<init>(AccessControlException.java:62)

	at java.security.AccessController.checkPermission(AccessController.java:68)

	at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)

	at java.lang.SecurityManager.checkPropertyAccess(SecurityManager.java:1285)

	at java.lang.System.getProperty(System.java:378)

	at org.apache.derby.impl.services.bytecode.BCClass.getClassBytecode(BCClass.java:152)

	at org.apache.derby.impl.services.bytecode.GClass.getGeneratedClass(GClass.java:59)

	at org.apache.derby.impl.sql.compile.ExpressionClassBuilder.getGeneratedClass(ExpressionClassBuilder.java:849)

	at org.apache.derby.impl.sql.compile.StatementNode.generate(StatementNode.java:390)

	at org.apache.derby.impl.sql.GenericStatement.prepMinion(GenericStatement.java:449)

	at org.apache.derby.impl.sql.GenericStatement.prepare(GenericStatement.java:88)

	at org.apache.derby.impl.sql.conn.GenericLanguageConnectionContext.prepareInternalStatement(GenericLanguageConnectionContext.java:822)

	at org.apache.derby.impl.jdbc.EmbedPreparedStatement.<init>(EmbedPreparedStatement.java:121)

	at org.apache.derby.jdbc.Driver40.newEmbedPreparedStatement(Driver40.java:105)

	at org.apache.derby.impl.jdbc.EmbedConnection.prepareStatement(EmbedConnection.java:1542)

	at org.apache.derby.impl.jdbc.EmbedConnection.prepareStatement(EmbedConnection.java:1423)

	at org.apache.derby.impl.drda.DRDAStatement.prepare(DRDAStatement.java:635)

	at org.apache.derby.impl.drda.DRDAStatement.explicitPrepare(DRDAStatement.java:596)

	at org.apache.derby.impl.drda.DRDAConnThread.parsePRPSQLSTT(DRDAConnThread.java:3701)

	at org.apache.derby.impl.drda.DRDAConnThread.processCommands(DRDAConnThread.java:801)

	at org.apache.derby.impl.drda.DRDAConnThread.run(DRDAConnThread.java:290)


> call to System.getProperty in BCClass.java is not wrapped in a priv block so may fail
when running under SecurityManager
> ------------------------------------------------------------------------------------------------------------------------
>
>                 Key: DERBY-4287
>                 URL: https://issues.apache.org/jira/browse/DERBY-4287
>             Project: Derby
>          Issue Type: Bug
>          Components: Services
>    Affects Versions: 10.1.3.1, 10.2.2.0, 10.3.3.0, 10.4.2.0, 10.5.1.1, 10.6.0.0
>            Reporter: Kathey Marsden
>            Assignee: Kathey Marsden
>            Priority: Minor
>
> I noticed in org.apache.derby.impl.services.bytecode.BCClass.java we have this code:
> 			String systemHome = System.getProperty(Property.SYSTEM_HOME_PROPERTY,".");
> 				writeClassFile(systemHome,false,null);
> which will fail when run under security manager because we have no privilege block.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message