db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Knut Anders Hatlen (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (DERBY-6617) Silently swallowed SecurityExceptions may disable Derby features, including security features.
Date Tue, 15 Jul 2014 11:32:04 GMT

     [ https://issues.apache.org/jira/browse/DERBY-6617?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Knut Anders Hatlen updated DERBY-6617:
--------------------------------------

    Attachment: exit-subprocess.diff

The attached patch [^exit-subprocess.diff] makes the test close the standard input of the
forked ij process so that it has more time to exit normally before destroy() is called. Also,
the timeout value given to complete() is increased from three seconds to two minutes to reduce
the chance of instabilities on slow machines.

That change fixed the heisenbug on a Windows machine where I was able to reproduce it reliably
without the patch. However, the test still failed because of another error. When the log is
scanned for a particular error message, we don't find it on Windows because the path name
is different (backslash vs forward slash). The patch therefore also changes these checks to
use a regular expression which accepts variations both in quoting and in directory separators.

MissingPermissionsTest now passes in my environment on both Linux and Windows, and with JDK
6, 7 and 8.

> Silently swallowed SecurityExceptions may disable Derby features, including security
features.
> ----------------------------------------------------------------------------------------------
>
>                 Key: DERBY-6617
>                 URL: https://issues.apache.org/jira/browse/DERBY-6617
>             Project: Derby
>          Issue Type: Bug
>          Components: Services
>    Affects Versions: 10.11.0.0
>            Reporter: Rick Hillegas
>            Assignee: Dag H. Wanvik
>         Attachments: derby-6617-04-aa-platformSpecificErrorText.diff, derby-6617-1.diff,
derby-6617-2.diff, derby-6617-2.status, derby-6617-3.diff, derby-6617-3.status, derby-6617-junit.diff,
exit-subprocess.diff, fix-test.diff
>
>
> When the Monitor tries to read Derby properties, it silently swallows SecurityExceptions.
This means that the properties will be silently ignored if Derby has not been granted sufficient
privileges. This means that if you make a mistake crafting your security policy, then you
may disable authentication and authorization. You may not realize this until you have incurred
a security breach. This swallowing occurs at the following code locations:
> {noformat}
> org.apache.derby.impl.services.monitor.BaseMonitor readApplicationProperties Catch java.lang.SecurityException
1 line 1360
> org.apache.derby.impl.services.monitor.BaseMonitor runWithState Catch java.lang.SecurityException
0 line 280
> org.apache.derby.impl.services.monitor.FileMonitor PBgetJVMProperty Catch java.lang.SecurityException
1 line 183
> org.apache.derby.impl.services.monitor.FileMonitor PBinitialize Catch java.lang.SecurityException
1 line 120
> {noformat}
> SecurityExceptions are swallowed at other locations in the Monitor. The implications
of these swallowings should be understood and, at a minimum, security problems should be fixed:
> {noformat}
> org.apache.derby.impl.services.monitor.FileMonitor PBinitialize Catch java.lang.SecurityException
1 line 157
> org.apache.derby.impl.services.monitor.FileMonitor createDaemonGroup Catch java.lang.SecurityException
1 line 89
> {noformat}



--
This message was sent by Atlassian JIRA
(v6.2#6252)

Mime
View raw message