db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Rick Hillegas (Updated) (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (DERBY-5611) We don't provide any advice about what permissions are required to run ij under a Java security manager.
Date Mon, 27 Feb 2012 13:42:49 GMT

     [ https://issues.apache.org/jira/browse/DERBY-5611?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Rick Hillegas updated DERBY-5611:
---------------------------------

    Summary: We don't provide any advice about what permissions are required to run ij under
a Java security manager.  (was: Permissions granted by server.policy to derbytools.jar are
not sufficient to run ij)

Changed the title of this issue. I agree that we shouldn't expect the server policy file to
be concerned with the permissions needed by Derby tools (leaving aside the question of sysinfo).
I still think that we ought to figure out what permissions are needed by the Derby tools and
we should document this so that people don't have to re-discover this information when they
need it. Thanks.
                
> We don't provide any advice about what permissions are required to run ij under a Java
security manager.
> --------------------------------------------------------------------------------------------------------
>
>                 Key: DERBY-5611
>                 URL: https://issues.apache.org/jira/browse/DERBY-5611
>             Project: Derby
>          Issue Type: Bug
>          Components: Network Server, Tools
>    Affects Versions: 10.9.0.0
>            Reporter: Rick Hillegas
>            Priority: Minor
>
> server.policy grants derbytools.jar the permission to read several system properties.
 However, at startup ij tries to read all of the system properties. This happens in ij.jj
in the initFromEnvironment() method. To call System.getProperties(), you need the following
permission:
>   permission java.util.PropertyPermission "*", "read,write";
> ij startup fails with this error trace:
> Exception in thread "main" java.security.AccessControlException: access denied (java.util.PropertyPermission
* read,write)
> 	at java.security.AccessControlContext.checkPermission(AccessControlContext.java:374)
> 	at java.security.AccessController.checkPermission(AccessController.java:546)
> 	at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
> 	at java.lang.SecurityManager.checkPropertiesAccess(SecurityManager.java:1252)
> 	at java.lang.System.getProperties(System.java:581)
> 	at org.apache.derby.impl.tools.ij.ij$1.run(ij.java:113)
> 	at java.security.AccessController.doPrivileged(Native Method)
> 	at org.apache.derby.impl.tools.ij.ij.initFromEnvironment(ij.java:111)
> 	at org.apache.derby.impl.tools.ij.utilMain.initFromEnvironment(utilMain.java:175)
> 	at org.apache.derby.impl.tools.ij.Main.<init>(Main.java:244)
> 	at org.apache.derby.impl.tools.ij.Main.getMain(Main.java:196)
> 	at org.apache.derby.impl.tools.ij.Main.mainCore(Main.java:181)
> 	at org.apache.derby.impl.tools.ij.Main.main(Main.java:75)
> 	at org.apache.derby.tools.ij.main(ij.java:59)
> Here are some ways to fix this problem:
> 1) Remove the whole block of permissions for derbytools.jar. Maybe those permissions
don't belong in server.policy. Note that a similar block of permissions also appears in template.policy
with a comment suggesting that they are sufficient for running the Derby tools.
> 2) Add to the derbytools block the missing permission.
> 3) Re-write initFromEnvironment() so that it reads only a few properties rather than
all properties.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

Mime
View raw message