db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Dag H. Wanvik (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (DERBY-5363) Tighten default permissions of DB files with >= JDK6
Date Thu, 01 Sep 2011 02:53:09 GMT

     [ https://issues.apache.org/jira/browse/DERBY-5363?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Dag H. Wanvik updated DERBY-5363:
---------------------------------

    Attachment: derby-5363-basic-2.stat
                derby-5363-basic-2.diff

Uploading derby-5363-basic-2, which removes the dependency on Java 7 for compiling Derby.
The code in FileUtil7.java has been recoded with reflection and moved into FileUtil.java.
Rerunning regressions.

Any treatment of the property default, whichever way we choose to go, is yet pending. 

Apart from that, the patch is complete and ready for review. I do plan to go over the exception
handling a bit more: although I have made pains to try to make any exception due to missing
security permission propagate all the way up there are still locations in the code where I
ignore them due to the fan-out if we introduce checked exception in low level utility classes,
the theory being that the missing permissions would be detected elsewhere. I'll have a look
to see if we could use unchecked exception  and catch those at the top/boot level, cf. iapi.error.PassThroughException,
since I don't like ignoring exceptions...

> Tighten default permissions of DB files with >= JDK6
> ----------------------------------------------------
>
>                 Key: DERBY-5363
>                 URL: https://issues.apache.org/jira/browse/DERBY-5363
>             Project: Derby
>          Issue Type: Improvement
>            Reporter: Dag H. Wanvik
>         Attachments: derby-5363-basic-1.diff, derby-5363-basic-1.stat, derby-5363-basic-2.diff,
derby-5363-basic-2.stat, permission-5.diff, permission-5.stat, permission-6.diff, permission-6.stat,
property-table.png, z.sql
>
>
> Before Java 6, files created by Derby would have the default
> permissions of the operating system context. Under Unix, this would
> depend on the effective umask of the process that started the Java VM.
> In Java 6 and 7, there are methods available that allows tightening up this
> (File.setReadable, setWritable), making it less likely that somebody
> would accidentally run Derby with a too lenient default.
> I suggest we take advantage of this, and let Derby by default (in Java
> 6 and higher) limit the visibility to the OS user that starts the VM,
> e.g. on Unix this would be equivalent to running with umask 0077. More
> secure by default is good, I think.
> We could have a flag, e.g. "derby.storage.useDefaultFilePermissions"
> that when set to true, would give the old behavior.

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

Mime
View raw message