db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Bryan Pendleton (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (DERBY-6741) User code can get the ContextManager from an EmbedConnection
Date Sat, 11 Jul 2015 16:20:04 GMT

    [ https://issues.apache.org/jira/browse/DERBY-6741?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14623467#comment-14623467
] 

Bryan Pendleton commented on DERBY-6741:
----------------------------------------

With OpenJDK 1.8.0_45 running on Fedora22, I see highly intermittent
failures in 

    NoDBInternalsPermissionTest.test_002_EmbedConnection

My error is:

java.security.AccessControlException: access denied org.apache.derby.security.SystemPermission(
"engine", "usederbyinternals" )
        at java.security.AccessControlContext.checkPermission(AccessControlContext.java:457)

        at java.security.AccessController.checkPermission(AccessController.java:884) 
        at org.apache.derby.iapi.security.SecurityUtil.checkDerbyInternalsPrivilege(SecurityUtil.java:221)
        at org.apache.derby.iapi.services.monitor.Monitor.getMonitorLite(Monitor.java:339)
        at org.apache.derby.iapi.services.property.PropertyUtil$2.run(PropertyUtil.java:719)
        at org.apache.derby.iapi.services.property.PropertyUtil$2.run(PropertyUtil.java:716)
        at java.security.AccessController.doPrivileged(Native Method)

The error is quite hard to reproduce, and seems only to happen in large suite runs.

Any thoughts on what might be happening?

> User code can get the ContextManager from an EmbedConnection
> ------------------------------------------------------------
>
>                 Key: DERBY-6741
>                 URL: https://issues.apache.org/jira/browse/DERBY-6741
>             Project: Derby
>          Issue Type: Bug
>          Components: JDBC, Services
>            Reporter: Rick Hillegas
>            Assignee: Rick Hillegas
>             Fix For: 10.12.0.0
>
>         Attachments: derby-6741-01-aa-usederbyinternals.diff
>
>
> EmbedConnection.getContextManager() is a public method. Exposing internals like the ContextManager
is a security risk.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message