Date: Wed, 22 Jan 2014 13:45:19 +0000 (UTC)
From: "Rick Hillegas (JIRA)"
To: derby-dev@db.apache.org
Subject: [jira] [Updated] (DERBY-6438) Explicitly grant SocketPermission "listen" in default server policy

[ https://issues.apache.org/jira/browse/DERBY-6438?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Rick Hillegas updated DERBY-6438:
---------------------------------

    Attachment: 1010_server.policy

Attaching an updated version of the 1010_server.policy. I have confirmed that the old version flunks the server boot on JDK 7 and higher as reported on this derby-user thread: http://apache-database.10148.n7.nabble.com/Network-Server-Access-Permissions-and-Java-1-7-0-51-td136583.html. The old version was missing a permissions block which is needed for managing extra file access controls on JDK 7 and higher.
With the new policy file, I am able to boot the server and create an in-memory database using Java 1.8.0-ea-b121.

> Explicitly grant SocketPermission "listen" in default server policy
> -------------------------------------------------------------------
>
>                 Key: DERBY-6438
>                 URL: https://issues.apache.org/jira/browse/DERBY-6438
>             Project: Derby
>          Issue Type: Improvement
>          Components: Network Server
>    Affects Versions: 10.11.0.0
>            Reporter: Knut Anders Hatlen
>            Assignee: Knut Anders Hatlen
>             Fix For: 10.5.3.2, 10.6.2.4, 10.7.1.4, 10.8.3.3, 10.9.2.2, 10.10.1.4, 10.11.0.0
>
>         Attachments: 1010_server.policy, 1010_server.policy, d6438-1a.diff, releaseNote.html, releaseNote.html
>
>
> The network server needs SocketPermission "listen" on the port that it listens to, but this permission is not granted by the basic server policy that's installed by default. This doesn't cause any problems in most cases, since the JVM's default policy grants all code bases SocketPermission "listen" on a range of ports, and Derby's network server port is within that range.
> Still, the network server should not rely on this fact. It is possible to run the network server on any port, not only those ports that happen to be in the range that's given carte blanche by the platform's default policy. The network server will however not be able to run on those ports with the basic policy currently, only with a custom policy or with the security manager disabled.
> The default policy should make this permission explicit.

--
This message was sent by Atlassian JIRA
(v6.1.5#6160)
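
The argument in the issue description, as an added example that is not part of the original message or of Derby's code: it models three sets of granted permissions with `java.security.Permissions` and asks each whether a "listen" on a given port is implied. The class name, the range `localhost:1024-` (a stand-in for a platform default grant) and the sample ports are assumptions made for illustration.

```java
import java.net.SocketPermission;
import java.security.Permissions;

// Hypothetical demo class; not taken from Derby.
public class ListenPermissionDemo {
    // Assumption: stand-in for a platform default policy that grants
    // "listen" on a range of ports to all code bases.
    static final String ASSUMED_DEFAULT_RANGE = "localhost:1024-";

    // Build a permission set that grants "listen" on each given target.
    static Permissions policyWith(String... listenTargets) {
        Permissions granted = new Permissions();
        for (String target : listenTargets) {
            granted.add(new SocketPermission(target, "listen"));
        }
        return granted;
    }

    // True if the permission set implies "listen" on localhost:port.
    static boolean mayListen(Permissions granted, int port) {
        return granted.implies(
                new SocketPermission("localhost:" + port, "listen"));
    }

    public static void main(String[] args) {
        // Constructed sample ports: two inside the assumed range, one below it.
        int[] ports = {1527, 8080, 443};

        Permissions noGrant = policyWith();                       // no listen grant at all
        Permissions rangeOnly = policyWith(ASSUMED_DEFAULT_RANGE); // relies on a range grant

        System.out.printf("%-6s %-10s %-12s %-10s%n",
                "port", "no grant", "range only", "explicit");
        for (int port : ports) {
            // The fix: the policy names the server's own port explicitly.
            Permissions explicit = policyWith("localhost:" + port);
            System.out.printf("%-6d %-10b %-12b %-10b%n",
                    port,
                    mayListen(noGrant, port),
                    mayListen(rangeOnly, port),
                    mayListen(explicit, port));
        }
    }
}
```

A port outside the assumed range is allowed only by the explicit grant, and if the range grant is removed from the platform policy, every port depends on the explicit grant.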