[ https://issues.apache.org/jira/browse/DERBY-4292?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Kathey Marsden resolved DERBY-4292.
-----------------------------------
Resolution: Fixed
Fix Version/s: 10.6.0.0
10.5.2.1
Submitted this fix to trunk and 10.5 branch
Thanks Tiago
> creation of FileInputStream in org.apache.derby.impl.tools.ij.Main not wrapped in privilege
block which can cause problems running under SecurityManager
> ---------------------------------------------------------------------------------------------------------------------------------------------------------
>
> Key: DERBY-4292
> URL: https://issues.apache.org/jira/browse/DERBY-4292
> Project: Derby
> Issue Type: Bug
> Components: Tools
> Affects Versions: 10.1.3.1, 10.2.2.0, 10.3.2.1, 10.4.2.0, 10.5.1.1, 10.6.0.0
> Reporter: Kathey Marsden
> Assignee: Tiago R. Espinha
> Fix For: 10.5.2.1, 10.6.0.0
>
> Attachments: DERBY-4292-Fix.patch, DERBY-4292-Fix.patch, DERBY-4292-Fix.patch,
DERBY-4292-ReproTest.patch, DERBY-4292-ReproTest.patch, DERBY-4292-ReproTest.patch, derby4292.zip,
derby4292.zip, run.out.debugall
>
>
> org.apache.derby.impl.tools.ij.Main has this code where the call to FileInputStream is
not wrapped in a privilege block:
> try {
> in1 = new FileInputStream(file);
> if (in1 != null) {
> in1 = new BufferedInputStream(in1, utilMain.BUFFEREDFILESIZE);
> in = langUtil.getNewInput(in1);
> }
> } catch (FileNotFoundException e) {
> if (Boolean.getBoolean("ij.searchClassPath")) {
> in = langUtil.getNewInput(util.getResourceAsStream(file));
> }
> This can cause issues when running under SecurityManager
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
|