db-derby-dev mailing list archives

From "Dag H. Wanvik (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (DERBY-6617) Silently swallowed SecurityExceptions may disable Derby features, including security features.
Date Fri, 11 Jul 2014 21:38:04 GMT

     [ https://issues.apache.org/jira/browse/DERBY-6617?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Dag H. Wanvik updated DERBY-6617:

    Attachment: derby-6617-3.status

Attaching patch [^derby-6617-3.diff] which adds reporting of the swallowed SecurityException
in FileMonitor#createDaemonGroup.

To get that printed I also had to make sure to dump the temporary log in a change added
to BaseMonitor#runWithState.

Additionally, I discovered that Derby became unbootable if we lack the modifyThreadGroup permission:
the monitor in such an event, lacking a proper handler, thought it was already initialized
so subsequent boot attempts (from a non-system thread so we wouldn't see the modifyThreadGroup
issue) would also fail. I added a handler to clear the monitor to fix this.

Presently, the new test fixture, testModifyThreadGroup leads to the warning message being
written to the console - it isn't yet asserted upon. I'll add another test so we can assert
the presence of that message on the console running in a spawned process so we can catch the

Not for commit yet, but I'll be out a bit so I post this now so reviewers can have a look.

> Silently swallowed SecurityExceptions may disable Derby features, including security
> ----------------------------------------------------------------------------------------------
>                 Key: DERBY-6617
>                 URL: https://issues.apache.org/jira/browse/DERBY-6617
>             Project: Derby
>          Issue Type: Bug
>          Components: Services
>    Affects Versions:
>            Reporter: Rick Hillegas
>            Assignee: Dag H. Wanvik
>         Attachments: derby-6617-1.diff, derby-6617-2.diff, derby-6617-2.status, derby-6617-3.diff, derby-6617-3.status, derby-6617-junit.diff
> When the Monitor tries to read Derby properties, it silently swallows SecurityExceptions. This means that the properties will be silently ignored if Derby has not been granted sufficient privileges. This means that if you make a mistake crafting your security policy, then you may disable authentication and authorization. You may not realize this until you have incurred a security breach. This swallowing occurs at the following code locations:
> {noformat}
> org.apache.derby.impl.services.monitor.BaseMonitor readApplicationProperties Catch java.lang.SecurityException 1 line 1360
> org.apache.derby.impl.services.monitor.BaseMonitor runWithState Catch java.lang.SecurityException 0 line 280
> org.apache.derby.impl.services.monitor.FileMonitor PBgetJVMProperty Catch java.lang.SecurityException 1 line 183
> org.apache.derby.impl.services.monitor.FileMonitor PBinitialize Catch java.lang.SecurityException 1 line 120
> {noformat}
> SecurityExceptions are swallowed at other locations in the Monitor. The implications of these swallowings should be understood and, at a minimum, security problems should be fixed:
> {noformat}
> org.apache.derby.impl.services.monitor.FileMonitor PBinitialize Catch java.lang.SecurityException 1 line 157
> org.apache.derby.impl.services.monitor.FileMonitor createDaemonGroup Catch java.lang.SecurityException 1 line 89
> {noformat}

This message was sent by Atlassian JIRA
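
The failure mode described in the issue, as an added example that is not Derby code and not part of the original message: a property read that swallows SecurityException falls back to the insecure default, next to a form that reports the denial. The class and method names are hypothetical, `deniedRead` is a constructed stand-in for `System.getProperty` under a policy lacking the PropertyPermission, and refusing to continue after reporting is an assumption of this example (the message above only describes adding reporting).

```java
import java.util.function.Function;

public class SwallowedSecurityExceptionDemo {
    // Real Derby property; when unset it defaults to false (authentication off).
    static final String REQUIRE_AUTH = "derby.connection.requireAuthentication";

    // Constructed stand-in for System.getProperty under a security policy that
    // does not grant the PropertyPermission. No SecurityManager is installed.
    static String deniedRead(String key) {
        throw new SecurityException(
            "access denied (\"java.util.PropertyPermission\" \"" + key + "\" \"read\")");
    }

    // Pattern from the issue: the exception is swallowed, so the caller cannot
    // tell "not permitted to read" apart from "not set" and uses the default.
    static boolean requireAuthSwallowing(Function<String, String> reader) {
        String value = null;
        try {
            value = reader.apply(REQUIRE_AUTH);
        } catch (SecurityException se) {
            // silently ignored
        }
        return Boolean.parseBoolean(value); // null parses to false
    }

    // Reporting form: surface the denial, and (assumption of this example)
    // refuse to continue with a default for a security-relevant property.
    static boolean requireAuthReporting(Function<String, String> reader) {
        try {
            return Boolean.parseBoolean(reader.apply(REQUIRE_AUTH));
        } catch (SecurityException se) {
            System.err.println("WARNING: cannot read " + REQUIRE_AUTH + ": " + se.getMessage());
            throw new IllegalStateException("security property unreadable; refusing to boot", se);
        }
    }

    public static void main(String[] args) {
        // The operator set the property, but the policy forbids reading it.
        System.out.println("swallowing reader -> requireAuthentication="
            + requireAuthSwallowing(SwallowedSecurityExceptionDemo::deniedRead));
        try {
            requireAuthReporting(SwallowedSecurityExceptionDemo::deniedRead);
        } catch (IllegalStateException e) {
            System.out.println("reporting reader  -> " + e.getMessage());
        }
    }
}
```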
