db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Kim Haase (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (DERBY-6438) Explicitly grant SocketPermission "listen" in default server policy
Date Fri, 24 Jan 2014 16:53:41 GMT

    [ https://issues.apache.org/jira/browse/DERBY-6438?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13881140#comment-13881140
] 

Kim Haase commented on DERBY-6438:
----------------------------------

I'm on a Unix system (Solaris) and am having trouble starting the network server too. My Derby
jars ARE in /export/home/chaase/db-derby-10.10.1.1-bin/lib/.

java -Djava.security.manager -Djava.security.policy=/home/cbhaase/1010_server.policy -Dderby.security.port=1527
-Dderby.install.url=/export/home/chaase/db-derby-10.10.1.1-bin/lib/ org.apache.derby.drda.NetworkServerControl
start
java.security.policy: error adding Entry:
        java.net.MalformedURLException: no protocol: /export/home/chaase/db-derby-10.10.1.1-bin/lib/derby.jar
java.security.policy: error adding Entry:
        java.net.MalformedURLException: no protocol: /export/home/chaase/db-derby-10.10.1.1-bin/lib/derbynet.jar
java.security.policy: error adding Entry:
        java.net.MalformedURLException: no protocol: /export/home/chaase/db-derby-10.10.1.1-bin/lib/derbytools.jar
java.security.policy: error adding Entry:
        java.net.MalformedURLException: no protocol: /export/home/chaase/db-derby-10.10.1.1-bin/lib/derbyclient.jar
Fri Jan 24 11:41:37 EST 2014 : access denied ("java.util.PropertyPermission" "derby.__serverStartedFromCmdLine"
"write")
java.security.AccessControlException: access denied ("java.util.PropertyPermission" "derby.__serverStartedFromCmdLine"
"write")
        at java.security.AccessControlContext.checkPermission(AccessControlContext.java:372)
        at java.security.AccessController.checkPermission(AccessController.java:559)
        at java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
        at java.lang.System.setProperty(System.java:783)
        at org.apache.derby.drda.NetworkServerControl$1.run(Unknown Source)
        at org.apache.derby.drda.NetworkServerControl$1.run(Unknown Source)
        at java.security.AccessController.doPrivileged(Native Method)
        at org.apache.derby.drda.NetworkServerControl.main(Unknown Source)


> Explicitly grant SocketPermission "listen" in default server policy
> -------------------------------------------------------------------
>
>                 Key: DERBY-6438
>                 URL: https://issues.apache.org/jira/browse/DERBY-6438
>             Project: Derby
>          Issue Type: Improvement
>          Components: Network Server
>    Affects Versions: 10.11.0.0
>            Reporter: Knut Anders Hatlen
>            Assignee: Knut Anders Hatlen
>             Fix For: 10.5.3.2, 10.6.2.4, 10.7.1.4, 10.8.3.3, 10.9.2.2, 10.10.1.4, 10.11.0.0
>
>         Attachments: 1010_server.policy, 1010_server.policy, 1010_server.policy, 1010_server.policy,
d6438-1a.diff, releaseNote.html, releaseNote.html
>
>
> The network server needs SocketPermission "listen" on the port that it listens to, but
this permission is not granted by the basic server policy that's installed by default. This
doesn't cause any problems in most cases, since the JVM's default policy grants all code bases
SocketPermission "listen" on a range of ports, and Derby's network server port is within that
range.
> Still, the network server should not rely on this fact. It is possible to run the network
server on any port, not only those ports that happen be in the range that's given carte blanche
by the platform's default policy. The network server will however not be able to run on those
ports with the basic policy currently, only with a custom policy or with the security manager
disabled.
> The default policy should make this permission explicit.



--
This message was sent by Atlassian JIRA
(v6.1.5#6160)

Mime
View raw message