felix-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Richard S. Hall (Updated) (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (FELIX-3196) Security Problem: Getting full file access within the cache directory from one Bundle
Date Sun, 20 Nov 2011 19:57:52 GMT

     [ https://issues.apache.org/jira/browse/FELIX-3196?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel

Richard S. Hall updated FELIX-3196:

    Fix Version/s:     (was: framework.security-2.2.0)
> Security Problem: Getting full file access within the cache directory from one Bundle
> -------------------------------------------------------------------------------------
>                 Key: FELIX-3196
>                 URL: https://issues.apache.org/jira/browse/FELIX-3196
>             Project: Felix
>          Issue Type: Bug
>          Components: Framework Security
>    Affects Versions: framework.security-2.0.0
>         Environment: felix-framework-4.0.1
>            Reporter: Michael Grammling
>            Assignee: Karl Pauls
>             Fix For: framework.security-2.0.1
> It seems that there is a security problem in the "Framework Security" module of Felix.
> I have full access to the bundle cache directory from each bundle.
> Expectation: I should only get full access to the data storage of the bundle itself.
> Actually I was able to create files from Bundle 25 inside the data storage of Bundle
> I even could delete the whole directory of Bundle 0.
> I checked the same with Knopflerfish which does this check correctly.
> Do I have to set more configuration parameters?
> The OSGi specification defines that the framework should grant access to the bundle's
data storage. 

This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira


View raw message