db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Daniel Stocker (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (DERBY-6438) Explicitly grant SocketPermission "listen" in default server policy
Date Mon, 24 Feb 2014 01:22:20 GMT

    [ https://issues.apache.org/jira/browse/DERBY-6438?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13909961#comment-13909961
] 

Daniel Stocker commented on DERBY-6438:
---------------------------------------

Environment: 
OS: Windows 7 Pro SP1
JAVA: java version "1.7.0_51", Java(TM) SE Runtime Environment (build 1.7.0_51-b13),Java HotSpot(TM)
64-Bit Server VM (build 24.51-b03, mixed mode)
DERBY: 10.10.1.1 (April 15, 2013 / SVN 1458268)

Hi, I'm experiencing the issue described here:
C:\derby\db-derby-10.10.1.1-bin\bin>startNetworkServer
Mon Feb 24 13:06:16 NZDT 2014 : Security manager installed using the Basic server security
policy.
Mon Feb 24 13:06:19 NZDT 2014 : access denied ("java.net.SocketPermission" "localhost:1527"
"listen,resolve")
<snip>

I've tried working around the issue by using the methods described, but get the same issue
as others previously described:
C:\derby\db-derby-10.10.1.1-bin\bin>java -Djava.security.manager -Djava.security.policy=c:/derby/db-derby-10.10.1.1-bin/bin/1010_server.policy
-Dderby.security.port=1527 -Dderby.install.url=file:///c:/derby/db-derby-10.10.1.1-bin org.apache.derby.drda.NetworkServerControl
start
Mon Feb 24 13:10:39 NZDT 2014 : access denied ("java.util.PropertyPermission" "derby.__serverStartedFromCmdLine"
"write")
java.security.AccessControlException: access denied ("java.util.PropertyPermission" "derby.__serverStartedFromCmdLine"
"write")
<snip>

I tried both the earliest (17/Jan/14 18:05) and latest policy file (22/Jan/14 14:24).
I also tried 1, 2 and 3 slashes after file: under derby.install.url parameter.
I also tried including and excluding the trailing slash at the end of derby.install.url parameter.
I also tried: java -Djava.security.manager -Djava.security.policy=c:/derby/db-derby-10.10.1.1-bin/bin/1010_server.policy
-Dderby.security.port=1527 -Dderby.install.url=file:///c:/derby/db-derby-10.10.1.1-bin -jar
derbyrun.jar server start
However I get the same error for all variations and am unable to get the network server running.
I notice there are a couple of other variables inside the policy file (derby.system.home and
derby.drda.traceDirectory), do I have to provide parameters for those also?
As this is a local dev environment, perhaps the solution is to install an old version of Java
SDK? In this case, which would be suitable?
Any help would be very much appreciated :)

> Explicitly grant SocketPermission "listen" in default server policy
> -------------------------------------------------------------------
>
>                 Key: DERBY-6438
>                 URL: https://issues.apache.org/jira/browse/DERBY-6438
>             Project: Derby
>          Issue Type: Improvement
>          Components: Network Server
>    Affects Versions: 10.11.0.0
>            Reporter: Knut Anders Hatlen
>            Assignee: Knut Anders Hatlen
>             Fix For: 10.5.3.2, 10.6.2.4, 10.7.1.4, 10.8.3.3, 10.9.2.2, 10.10.1.4, 10.11.0.0
>
>         Attachments: 1010_server.policy, 1010_server.policy, 1010_server.policy, 1010_server.policy,
d6438-1a.diff, releaseNote.html, releaseNote.html
>
>
> The network server needs SocketPermission "listen" on the port that it listens to, but
this permission is not granted by the basic server policy that's installed by default. This
doesn't cause any problems in most cases, since the JVM's default policy grants all code bases
SocketPermission "listen" on a range of ports, and Derby's network server port is within that
range.
> Still, the network server should not rely on this fact. It is possible to run the network
server on any port, not only those ports that happen be in the range that's given carte blanche
by the platform's default policy. The network server will however not be able to run on those
ports with the basic policy currently, only with a custom policy or with the security manager
disabled.
> The default policy should make this permission explicit.



--
This message was sent by Atlassian JIRA
(v6.1.5#6160)

Mime
View raw message