db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Kathey Marsden (JIRA)" <j...@apache.org>
Subject [jira] Updated: (DERBY-4292) creation of FileInputStream in org.apache.derby.impl.tools.ij.Main not wrapped in privilege block which can cause problems running under SecurityManager
Date Wed, 08 Jul 2009 21:25:14 GMT

     [ https://issues.apache.org/jira/browse/DERBY-4292?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Kathey Marsden updated DERBY-4292:
----------------------------------

    Attachment: run.out.debugall

Hi Tiago I am still looking at the patch but noticed a few things that I wanted to mention.
1) The repro that I posted originally doesn't seem to work with the patch.  I can't quite
figure out why.   derby_tests.policy has this permission which should allow us to read repro.sql:

  // Read all files under ${user.dir}
  permission java.io.FilePermission "${user.dir}${/}-", "read";
  
but yet I get:
Exception in thread "main" java.security.AccessControlException: access denied (java.io.FilePermission
repro
        at java.security.AccessControlContext.checkPermission(AccessControlContext.java:323)
        at java.security.AccessController.checkPermission(AccessController.java:546)
        at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
        at java.lang.SecurityManager.checkRead(SecurityManager.java:871)
        at java.io.FileInputStream.<init>(FileInputStream.java:100)
        at java.io.FileInputStream.<init>(FileInputStream.java:66)
        at org.apache.derby.impl.tools.ij.Main$1.run(Main.java:124)
        at java.security.AccessController.doPrivileged(Native Method)
        at org.apache.derby.impl.tools.ij.Main.mainCore(Main.java:120)
        at org.apache.derby.impl.tools.ij.Main.main(Main.java:75)
        at org.apache.derby.tools.ij.main(ij.java:59)
I am attaching run.out.debugall which has the output when -Djava.security.debug=all is set.
It seems to read the permission fine but not use it later. I must be missing something simple.
This is with:
java version "1.6.0_01"
Java(TM) SE Runtime Environment (build 1.6.0_01-b06)
Java HotSpot(TM) Client VM (build 1.6.0_01-b06, mixed mode)

2) The patch introduces a regression NullPointerException if the file is not found:
Exception in thread "main" java.lang.NullPointerException
        at org.apache.derby.impl.tools.ij.utilMain.go(utilMain.java:207)
        at org.apache.derby.impl.tools.ij.Main.go(Main.java:235)
        at org.apache.derby.impl.tools.ij.Main.mainCore(Main.java:190)
        at org.apache.derby.impl.tools.ij.Main.main(Main.java:75)
        at org.apache.derby.tools.ij.main(ij.java:59)
vs 
IJ ERROR: file not found: test.sql
before the patch.

3) I noticed there is also a  Boolean.getBoolean("ij.searchClassPath") in the same area of
code which I think is going to need a privilege block too. We can handle that with this issue
or create another one.
4) In the test I think you can get rid of 
 test = new SecurityManagerSetup(test, policyName);
all together. That is the policy file that will get picked up by default.

5) Even our little tiny sql file needs a header. See other sql files for an example.


> creation of FileInputStream in org.apache.derby.impl.tools.ij.Main not wrapped in privilege
 block which can cause problems running under SecurityManager
> ---------------------------------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: DERBY-4292
>                 URL: https://issues.apache.org/jira/browse/DERBY-4292
>             Project: Derby
>          Issue Type: Bug
>          Components: Tools
>    Affects Versions: 10.1.3.1, 10.2.2.0, 10.3.2.1, 10.4.2.0, 10.5.1.1, 10.6.0.0
>            Reporter: Kathey Marsden
>            Assignee: Tiago R. Espinha
>         Attachments: DERBY-4292-Fix.patch, DERBY-4292-Fix.patch, DERBY-4292-ReproTest.patch,
DERBY-4292-ReproTest.patch, derby4292.zip, run.out.debugall
>
>
> org.apache.derby.impl.tools.ij.Main has this code where the call to FileInputStream is
not wrapped in a privilege block:
>                    try {
>                         in1 = new FileInputStream(file);
>                         if (in1 != null) {
>                             in1 = new BufferedInputStream(in1, utilMain.BUFFEREDFILESIZE);
>                             in = langUtil.getNewInput(in1);
>                         }
>                     } catch (FileNotFoundException e) {
>                         if (Boolean.getBoolean("ij.searchClassPath")) {
>                             in = langUtil.getNewInput(util.getResourceAsStream(file));
>                         }
> This can cause issues when running under SecurityManager

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message