db-derby-dev mailing list archives

From "Tiago R. Espinha (JIRA)" <j...@apache.org>
Subject [jira] Updated: (DERBY-4292) creation of FileInputStream in org.apache.derby.impl.tools.ij.Main not wrapped in privilege block which can cause problems running under SecurityManager
Date Thu, 09 Jul 2009 10:55:14 GMT

     [ https://issues.apache.org/jira/browse/DERBY-4292?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Tiago R. Espinha updated DERBY-4292:
------------------------------------

    Attachment: DERBY-4292-ReproTest.patch

I'm attaching the latest patch to this issue.

Kathey said:
> "...and add a test if the file does not exist..."
Is this really necessary? If the file does not exist in the Derby code tree, the SupportFilesSetup
will blow up on its own, and if it does exist there, then it is safe to say that it will exist
in the extinout folder.

If anything, I think we can later on change that ij behavior and make it throw an exception
rather than an error message, so that the test fails when the file does not exist.

What I'm thinking is that by putting such a check in a test, we are sort of masking the problem
with ij exiting with status 0 even when the file does not exist. If you think we should have
that check anyway, I can easily do it with a new File().exists().

For this patch (just the Repro test) I removed the SecurityManager decorator and added the
header to the sql file. The fix remains the same.

I'll be running regressions today.

> creation of FileInputStream in org.apache.derby.impl.tools.ij.Main not wrapped in privilege block which can cause problems running under SecurityManager
> ---------------------------------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: DERBY-4292
>                 URL: https://issues.apache.org/jira/browse/DERBY-4292
>             Project: Derby
>          Issue Type: Bug
>          Components: Tools
>    Affects Versions: 10.1.3.1, 10.2.2.0, 10.3.2.1, 10.4.2.0, 10.5.1.1, 10.6.0.0
>            Reporter: Kathey Marsden
>            Assignee: Tiago R. Espinha
>         Attachments: DERBY-4292-Fix.patch, DERBY-4292-Fix.patch, DERBY-4292-Fix.patch, DERBY-4292-ReproTest.patch, DERBY-4292-ReproTest.patch, DERBY-4292-ReproTest.patch, derby4292.zip, derby4292.zip, run.out.debugall
>
>
> org.apache.derby.impl.tools.ij.Main has this code where the call to FileInputStream is not wrapped in a privilege block:
>                     try {
>                         in1 = new FileInputStream(file);
>                         if (in1 != null) {
>                             in1 = new BufferedInputStream(in1, utilMain.BUFFEREDFILESIZE);
>                             in = langUtil.getNewInput(in1);
>                         }
>                     } catch (FileNotFoundException e) {
>                         if (Boolean.getBoolean("ij.searchClassPath")) {
>                             in = langUtil.getNewInput(util.getResourceAsStream(file));
>                         }
> This can cause issues when running under SecurityManager

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
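
The pattern named in the issue title, as an added example that is not taken from the DERBY-4292 patch or the Derby code base: the file open is wrapped in `AccessController.doPrivileged` so it runs with the library's own `FilePermission` instead of failing when a less-privileged caller is on the stack under a SecurityManager. The class name, method name and buffer size are assumptions for illustration; `AccessController` is deprecated since Java 17.

```java
import java.io.BufferedInputStream;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.security.AccessController;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;

public class PrivilegedFileOpen {
    // Hypothetical buffer size; stands in for utilMain.BUFFEREDFILESIZE.
    private static final int BUFFER_SIZE = 2048;

    // Kept private so only this class's own call sites can use the
    // elevated open; the privileged block contains only the one call
    // that needs FilePermission "read".
    private static InputStream openPrivileged(final String file)
            throws FileNotFoundException {
        try {
            FileInputStream raw = AccessController.doPrivileged(
                new PrivilegedExceptionAction<FileInputStream>() {
                    public FileInputStream run() throws FileNotFoundException {
                        return new FileInputStream(file);
                    }
                });
            return new BufferedInputStream(raw, BUFFER_SIZE);
        } catch (PrivilegedActionException pae) {
            // run() can only throw FileNotFoundException, so unwrap it
            // and let the caller's existing catch clause handle it.
            throw (FileNotFoundException) pae.getException();
        }
    }

    public static void main(String[] args) throws IOException {
        if (args.length != 1) {
            System.err.println("usage: PrivilegedFileOpen <script.sql>");
            System.exit(2);
        }
        try (InputStream in = openPrivileged(args[0])) {
            System.out.println("first byte: " + in.read());
        } catch (FileNotFoundException e) {
            // Non-zero exit so a missing script is visible to the caller.
            System.err.println("file not found: " + args[0]);
            System.exit(1);
        }
    }
}
```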

