db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Dag H. Wanvik (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (DERBY-5363) Tighten default permissions of DB files with >= JDK6
Date Tue, 30 Aug 2011 15:55:37 GMT

    [ https://issues.apache.org/jira/browse/DERBY-5363?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13093841#comment-13093841
] 

Dag H. Wanvik commented on DERBY-5363:
--------------------------------------

I think I would actually prefer to let new Derby versions (>=10.9) of the server CLI startup
(or possibly only the startup script, although I don't like the thought that the script should
be anything but a convenience) enable the secure permissions by default, and leave it at that.
I think any upgrade hassle[1] for users neglecting the read the release notes (to as to keep
existing behavior) is worth the added security.

[1] Should be detected at once when trying to write derby.log. It is easy to fix, just change
the permissions back to lax and start using the property when the server is started.


> Tighten default permissions of DB files with >= JDK6
> ----------------------------------------------------
>
>                 Key: DERBY-5363
>                 URL: https://issues.apache.org/jira/browse/DERBY-5363
>             Project: Derby
>          Issue Type: Improvement
>            Reporter: Dag H. Wanvik
>         Attachments: derby-5363-basic-1.diff, derby-5363-basic-1.stat, permission-5.diff,
permission-5.stat, permission-6.diff, permission-6.stat, property-table.png, z.sql
>
>
> Before Java 6, files created by Derby would have the default
> permissions of the operating system context. Under Unix, this would
> depend on the effective umask of the process that started the Java VM.
> In Java 6 and 7, there are methods available that allows tightening up this
> (File.setReadable, setWritable), making it less likely that somebody
> would accidentally run Derby with a too lenient default.
> I suggest we take advantage of this, and let Derby by default (in Java
> 6 and higher) limit the visibility to the OS user that starts the VM,
> e.g. on Unix this would be equivalent to running with umask 0077. More
> secure by default is good, I think.
> We could have a flag, e.g. "derby.storage.useDefaultFilePermissions"
> that when set to true, would give the old behavior.

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

Mime
View raw message