db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Rick Hillegas (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (DERBY-6635) OptimizerTracer.unloadTool() could be used to write garbage over Derby data files.
Date Thu, 02 Oct 2014 15:25:35 GMT

     [ https://issues.apache.org/jira/browse/DERBY-6635?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Rick Hillegas updated DERBY-6635:
---------------------------------
    Attachment: derby-6635-01-aa-noOverwrite.diff

Attaching derby-6635-01-aa-noOverwrite.diff. This patch prevents the OptimizerTracer from
overwriting an existing file with its xml output. I am running tests now.

Touches the following files:

------------------

M       java/engine/org/apache/derby/impl/sql/compile/OptimizerTracer.java

Raise an error if the output file already exists. This is what SYSCS_UTIL.SYSCS_EXPORT_TABLE
does.

------------------

M       java/engine/org/apache/derby/loc/messages.xml

Tweak an existing message so that it can be used for this error condition as well.

------------------

M       java/testing/org/apache/derbyTesting/functionTests/tests/lang/MergeStatementTest.java
M       java/testing/org/apache/derbyTesting/functionTests/tests/lang/XMLOptimizerTraceTest.java
M       java/testing/org/apache/derbyTesting/junit/SupportFilesSetup.java

Adjustments to existing tests and new test case to verify this behavior.


> OptimizerTracer.unloadTool() could be used to write garbage over Derby data files.
> ----------------------------------------------------------------------------------
>
>                 Key: DERBY-6635
>                 URL: https://issues.apache.org/jira/browse/DERBY-6635
>             Project: Derby
>          Issue Type: Bug
>          Components: Tools
>    Affects Versions: 10.11.1.1
>            Reporter: Rick Hillegas
>            Assignee: Rick Hillegas
>         Attachments: derby-6635-01-aa-noOverwrite.diff
>
>
> I don't see any checks in place to prevent this method from writing its output file into
the log or sego directories or even over service.properties. Fortunately, only the DBO can
run this procedure by default.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message