db-derby-dev mailing list archives

From "Kathey Marsden (JIRA)" <j...@apache.org>
Subject [jira] Commented: (DERBY-4292) creation of FileInputStream in org.apache.derby.impl.tools.ij.Main not wrapped in privilege block which can cause problems running under SecurityManager
Date Fri, 10 Jul 2009 17:03:14 GMT

    [ https://issues.apache.org/jira/browse/DERBY-4292?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12729717#action_12729717 ]

Kathey Marsden commented on DERBY-4292:
---------------------------------------

I think it is ok to check this patch in as is as soon as we get the results of your regression
tests.

Regarding the test for the non-existent file, I am not quite sure what you mean regarding
the SupportFilesSetup as that wouldn't be used, we would just call ij and specify a file that
does not exist.  I do however see how such a test would be problematic as long as we have
the problem of the error just going to System.out. I guess that it would make the most sense
to add that test when that issue is fixed.

I think we need 2 new bugs after this one goes in, both minor or even trivial: One for the
ij exit code when the file is not found and another for the NullPointerException if the resource
is not found with ij.searchClassPath.  Mark both newcomer.


> creation of FileInputStream in org.apache.derby.impl.tools.ij.Main not wrapped in privilege block which can cause problems running under SecurityManager
> ---------------------------------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: DERBY-4292
>                 URL: https://issues.apache.org/jira/browse/DERBY-4292
>             Project: Derby
>          Issue Type: Bug
>          Components: Tools
>    Affects Versions: 10.1.3.1, 10.2.2.0, 10.3.2.1, 10.4.2.0, 10.5.1.1, 10.6.0.0
>            Reporter: Kathey Marsden
>            Assignee: Tiago R. Espinha
>         Attachments: DERBY-4292-Fix.patch, DERBY-4292-Fix.patch, DERBY-4292-Fix.patch, DERBY-4292-ReproTest.patch, DERBY-4292-ReproTest.patch, DERBY-4292-ReproTest.patch, derby4292.zip, derby4292.zip, run.out.debugall
>
>
> org.apache.derby.impl.tools.ij.Main has this code where the call to FileInputStream is not wrapped in a privilege block:
>                    try {
>                         in1 = new FileInputStream(file);
>                         if (in1 != null) {
>                             in1 = new BufferedInputStream(in1, utilMain.BUFFEREDFILESIZE);
>                             in = langUtil.getNewInput(in1);
>                         }
>                     } catch (FileNotFoundException e) {
>                         if (Boolean.getBoolean("ij.searchClassPath")) {
>                             in = langUtil.getNewInput(util.getResourceAsStream(file));
>                         }
> This can cause issues when running under SecurityManager

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
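
The issue quoted above is about a file open that is not wrapped in a privilege block. The following is an added example, not the DERBY-4292 patch and not Derby's code: a minimal sketch of wrapping the `FileInputStream` creation in `AccessController.doPrivileged` so that only the tool's own protection domain needs the file read permission. The class name `PrivilegedOpen`, the method `openPrivileged`, the buffer size and the sample file name are assumptions made for the illustration; `AccessController` is deprecated in recent JDKs but is the API the issue refers to.

```java
import java.io.BufferedInputStream;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.InputStream;
import java.security.AccessController;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;

public class PrivilegedOpen {
    // Hypothetical buffer size; stands in for utilMain.BUFFEREDFILESIZE.
    private static final int BUFFER_SIZE = 2048;

    /**
     * Opens a file inside a privileged block. Without the block, every
     * protection domain on the call stack needs FilePermission "read" for
     * the file; with it, the permission check stops at this class.
     * Kept non-public on purpose: a privileged open of a caller-supplied
     * path should not be reachable from less trusted code.
     */
    static InputStream openPrivileged(final String file) throws FileNotFoundException {
        try {
            return AccessController.doPrivileged(
                new PrivilegedExceptionAction<InputStream>() {
                    public InputStream run() throws FileNotFoundException {
                        // Only the permission-checked call lives in the block.
                        return new BufferedInputStream(new FileInputStream(file), BUFFER_SIZE);
                    }
                });
        } catch (PrivilegedActionException e) {
            // run() declares only FileNotFoundException, so this cast is safe.
            throw (FileNotFoundException) e.getException();
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample name; pass a real path as the first argument.
        String file = args.length > 0 ? args[0] : "no-such-script.sql";
        try (InputStream in = openPrivileged(file)) {
            System.out.println("opened " + file + ", first byte = " + in.read());
        } catch (FileNotFoundException e) {
            // This example's own choice: report on stderr with a non-zero exit code.
            System.err.println("file not found: " + e.getMessage());
            System.exit(1);
        }
    }
}
```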

