db-derby-dev mailing list archives

From "Dag H. Wanvik (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (DERBY-5363) Tighten default permissions of DB files with >= JDK6
Date Fri, 19 Aug 2011 22:57:27 GMT

    [ https://issues.apache.org/jira/browse/DERBY-5363?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13088051#comment-13088051 ]

Dag H. Wanvik commented on DERBY-5363:
--------------------------------------

Right, if the two users relied on group write access to derby.log (as they would have had
to, to be able to use the same derby.log file earlier), user B who tried to *append* to the
already created derby.log (created by user A), would experience an error, cf. below. I.e. the
fact that derby.log is not accessible results in this error message on the console:

Sat Aug 20 00:46:04 CEST 2011 Thread[main,5,main] java.io.FileNotFoundException: derby.log (Ingen tilgang)

"Ingen adgang": Norwegian for "no access" :.) Derby then proceeds to use the console as error
stream. 

The workaround would be to specify -Dderby.error.derby.stream.error.file=<file>, cf.
end of enclosed session trace.

----------------------------------------------------------------------------
dags-lenovo:~/java/sb/sb1$ ls -l derby.log
-rwx------ 1 dag None 1079 Aug 10 00:33 derby.log

dags-lenovo:~/java/sb/sb1$ chmod 000 derby.log

dags-lenovo:~/java/sb/sb1$ ls -l derby.log
---------- 1 dag None 1079 Aug 10 00:33 derby.log

dags-lenovo:~/java/sb/sb1$ java org.apache.derby.tools.ij
ij version 10.9
ij> connect 'jdbc:derby:wombat';
Sat Aug 20 00:46:04 CEST 2011 Thread[main,5,main] java.io.FileNotFoundException: derby.log (Ingen tilgang)
Sat Aug 20 00:46:05 CEST 2011 Thread[main,5,main] Cleanup action starting
java.sql.SQLException: Database 'wombat' not found.
	at org.apache.derby.impl.jdbc.SQLExceptionFactory40.getSQLException(SQLExceptionFactory40.java:98)
	at org.apache.derby.impl.jdbc.Util.newEmbedSQLException(Util.java:142)
	at org.apache.derby.impl.jdbc.Util.newEmbedSQLException(Util.java:148)
	at org.apache.derby.impl.jdbc.Util.generateCsSQLException(Util.java:227)
	at org.apache.derby.impl.jdbc.EmbedConnection.newSQLException(EmbedConnection.java:3085)
	at org.apache.derby.impl.jdbc.EmbedConnection.handleDBNotFound(EmbedConnection.java:735)
:
dags-lenovo:~/java/sb/sb1$ java -Dderby.stream.error.file=error.txt org.apache.derby.tools.ij
ij version 10.9
ij> connect 'jdbc:derby:wombat';
ERROR XJ004: Database 'wombat' not found.
ij> exit;
dags-lenovo:~/java/sb/sb1$ Use "exit" to leave the shell.
dags-lenovo:~/java/sb/sb1$ cat error.txt
Sat Aug 20 00:54:38 CEST 2011 Thread[main,5,main] Cleanup action starting
java.sql.SQLException: Database 'wombat' not found.
	at org.apache.derby.impl.jdbc.SQLExceptionFactory40.getSQLException(SQLExceptionFactory40.java:98)
	at org.apache.derby.impl.jdbc.Util.newEmbedSQLException(Util.java:142)
	at org.apache.derby.impl.jdbc.Util.newEmbedSQLException(Util.java:148)
	at org.apache.derby.impl.jdbc.Util.generateCsSQLException(Util.java:227)
	at org.apache.derby.impl.jdbc.EmbedConnection.newSQLException(EmbedConnection.java:3085)


> Tighten default permissions of DB files with >= JDK6
> ----------------------------------------------------
>
>                 Key: DERBY-5363
>                 URL: https://issues.apache.org/jira/browse/DERBY-5363
>             Project: Derby
>          Issue Type: Improvement
>            Reporter: Dag H. Wanvik
>         Attachments: permission-5.diff, permission-5.stat, permission-6.diff, permission-6.stat, z.sql
>
>
> Before Java 6, files created by Derby would have the default
> permissions of the operating system context. Under Unix, this would
> depend on the effective umask of the process that started the Java VM.
> In Java 6 and 7, there are methods available that allow tightening up this
> (File.setReadable, setWritable), making it less likely that somebody
> would accidentally run Derby with a too lenient default.
> I suggest we take advantage of this, and let Derby by default (in Java
> 6 and higher) limit the visibility to the OS user that starts the VM,
> e.g. on Unix this would be equivalent to running with umask 0077. More
> secure by default is good, I think.
> We could have a flag, e.g. "derby.storage.useDefaultFilePermissions"
> that when set to true, would give the old behavior.

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
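
The tightening proposed in the issue description, as an added example (not part of the original message and not Derby's own code): it uses the Java 6 File.setReadable/setWritable calls to leave a file accessible to its owner only, the equivalent of umask 0077. The class and method names are hypothetical; the property name is the one suggested in the issue, and the way it is read here is an assumption.

```java
import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;

public class OwnerOnlyFile {
    // Flag name as suggested in the issue text; treating it as a boolean
    // system property is an assumption of this example.
    static final String OPT_OUT = "derby.storage.useDefaultFilePermissions";

    /** Clear all access for everyone, then grant it back to the owner only. */
    static boolean restrictToOwner(File f) {
        if (Boolean.getBoolean(OPT_OUT)) {
            return true; // old behavior: keep whatever the umask produced
        }
        // ownerOnly=false: the change applies to owner, group and others.
        boolean cleared = f.setReadable(false, false)
                        & f.setWritable(false, false)
                        & f.setExecutable(false, false);
        // ownerOnly=true: only the owner bits are touched.
        boolean granted = f.setReadable(true, true)
                        & f.setWritable(true, true);
        if (f.isDirectory()) {
            granted &= f.setExecutable(true, true); // needed to traverse a directory
        }
        return cleared & granted;
    }

    public static void main(String[] args) throws IOException {
        File log = File.createTempFile("derby-demo", ".log"); // constructed sample file
        log.deleteOnExit();
        if (!restrictToOwner(log)) {
            // File systems without POSIX-style permissions can refuse some calls.
            System.err.println("could not fully tighten permissions on " + log);
        }
        // The owner can still append, as is done for derby.log.
        FileOutputStream out = new FileOutputStream(log, true);
        try {
            out.write("owner append ok\n".getBytes("UTF-8"));
        } finally {
            out.close();
        }
        System.out.println(log + " readable=" + log.canRead()
                + " writable=" + log.canWrite());
    }
}
```

The file exists with umask-derived permissions until these calls complete, so the restriction is applied just after creation rather than atomically with it. A second OS user who previously relied on group write access to the same file would then see the FileNotFoundException shown in the session trace above.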

        
