You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cassandra.apache.org by "C. Scott Andreas (JIRA)" <ji...@apache.org> on 2018/11/19 02:18:01 UTC
[jira] [Updated] (CASSANDRA-12332) Weak SecurityManager Check:
Overridable Method
[ https://issues.apache.org/jira/browse/CASSANDRA-12332?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
C. Scott Andreas updated CASSANDRA-12332:
-----------------------------------------
Component/s: Core
> Weak SecurityManager Check: Overridable Method
> ----------------------------------------------
>
> Key: CASSANDRA-12332
> URL: https://issues.apache.org/jira/browse/CASSANDRA-12332
> Project: Cassandra
> Issue Type: Sub-task
> Components: Core
> Reporter: Eduardo Aguinaga
> Priority: Major
>
> Overview:
> In May through June of 2016 a static analysis was performed on version 3.0.5 of the Cassandra source code. The analysis included an automated analysis using HP Fortify v4.21 SCA and a manual analysis utilizing SciTools Understand v4. The results of that analysis includes the issue below.
> Issue:
> Non-final methods that perform security checks may be overridden in ways that bypass security checks.
> {code:java}
> CassandraDaemon.java, lines 155-165:
> 155 protected void setup()
> 156 {
> 157 // Delete any failed snapshot deletions on Windows - see CASSANDRA-9658
> 158 if (FBUtilities.isWindows())
> 159 WindowsFailedSnapshotTracker.deleteOldSnapshots();
> 160
> 161 ThreadAwareSecurityManager.install();
> 162
> 163 logSystemInfo();
> 164
> 165 CLibrary.tryMlockall();
> {code}
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@cassandra.apache.org
For additional commands, e-mail: commits-help@cassandra.apache.org