db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ASF subversion and git services (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (DERBY-6617) Silently swallowed SecurityExceptions may disable Derby features, including security features.
Date Fri, 11 Jul 2014 14:42:06 GMT

    [ https://issues.apache.org/jira/browse/DERBY-6617?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14058844#comment-14058844
] 

ASF subversion and git services commented on DERBY-6617:
--------------------------------------------------------

Commit 1609717 from [~dagw] in branch 'code/trunk'
[ https://svn.apache.org/r1609717 ]

DERBY-6617 Silently swallowed SecurityExceptions may disable Derby features, including security
features.

Patch derby-6617-2. With reference to the list of issues mentioned in the JIRA, the following
"silent swallows" are addressed with this patch:

* FileMonitor PBgetJVMProperty Catch java.lang.SecurityException 1 line 183
* FileMonitor PBinitialize Catch java.lang.SecurityException 1 line 120
* FileMonitor PBinitialize Catch java.lang.SecurityException 1 line 157

These are not addressed in code yet:

  BaseMonitor readApplicationProperties Catch java.lang.SecurityException 1 line 1360
  BaseMonitor runWithState Catch java.lang.SecurityException 0 line 280
  FileMonitor createDaemonGroup Catch java.lang.SecurityException 1 line 89

A new test (MissingPermissionsTest) has been added to verify that we
get errors in either derby.log or on the console's standard error
(depending on what's possible) if we see a SecurityException in the
former "silent" swallow location.

In the case of FileMonitor line 157, the boot fails so we show the
error on the console (i.e. standard error). In order for that to
happen, we added a flushing of the temporary in-memory error log,
cf. added call to dumpTempWriter if we fail BaseMonitor#initialize in
console.

> Silently swallowed SecurityExceptions may disable Derby features, including security
features.
> ----------------------------------------------------------------------------------------------
>
>                 Key: DERBY-6617
>                 URL: https://issues.apache.org/jira/browse/DERBY-6617
>             Project: Derby
>          Issue Type: Bug
>          Components: Services
>    Affects Versions: 10.11.0.0
>            Reporter: Rick Hillegas
>            Assignee: Dag H. Wanvik
>         Attachments: derby-6617-1.diff, derby-6617-2.diff, derby-6617-2.status, derby-6617-junit.diff
>
>
> When the Monitor tries to read Derby properties, it silently swallows SecurityExceptions.
This means that the properties will be silently ignored if Derby has not been granted sufficient
privileges. This means that if you make a mistake crafting your security policy, then you
may disable authentication and authorization. You may not realize this until you have incurred
a security breach. This swallowing occurs at the following code locations:
> {noformat}
> org.apache.derby.impl.services.monitor.BaseMonitor readApplicationProperties Catch java.lang.SecurityException
1 line 1360
> org.apache.derby.impl.services.monitor.BaseMonitor runWithState Catch java.lang.SecurityException
0 line 280
> org.apache.derby.impl.services.monitor.FileMonitor PBgetJVMProperty Catch java.lang.SecurityException
1 line 183
> org.apache.derby.impl.services.monitor.FileMonitor PBinitialize Catch java.lang.SecurityException
1 line 120
> {noformat}
> SecurityExceptions are swallowed at other locations in the Monitor. The implications
of these swallowings should be understood and, at a minimum, security problems should be fixed:
> {noformat}
> org.apache.derby.impl.services.monitor.FileMonitor PBinitialize Catch java.lang.SecurityException
1 line 157
> org.apache.derby.impl.services.monitor.FileMonitor createDaemonGroup Catch java.lang.SecurityException
1 line 89
> {noformat}



--
This message was sent by Atlassian JIRA
(v6.2#6252)

Mime
View raw message