Posted to dev@felix.apache.org by "Richard S. Hall (JIRA)" <ji...@apache.org> on 2009/06/29 22:05:47 UTC
[jira] Created: (FELIX-1285) SecureAction captures the calling context incorrectly
SecureAction captures the calling context incorrectly
-----------------------------------------------------
Key: FELIX-1285
URL: https://issues.apache.org/jira/browse/FELIX-1285
Project: Felix
Issue Type: Bug
Components: Framework
Affects Versions: felix-1.8.1
Reporter: Richard S. Hall
Assignee: Karl Pauls
Fix For: felix-2.0.0
In SecureAction we capture the calling context for optimization purposes, but the context captures the current stack no matter who is on the stack. Since the whole point of SecureAction is to allow the framework to perform sensitive operations without worrying about who is on the call stack, this seems to be a bug since there could be someone with lower privileges on the stack. I think we need to capture the calling context inside a privileged block.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
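Added example, not part of the original thread and not Felix source code: a self-contained Java sketch of the capture problem the report describes, next to the capture inside a privileged block that it proposes. The class and method names are hypothetical, the low-privileged caller is simulated with a constructed empty protection domain, and the sketch assumes a JDK where java.security.AccessController is still functional (it is deprecated for removal since Java 17) and the JDK default policy, which grants read access to the "java.version" property.

```java
import java.security.*;
import java.util.PropertyPermission;

// Added illustration; names are hypothetical and this is not Felix code.
public class ContextCaptureDemo {
    // Pattern from the report: snapshot whatever is on the call stack right now,
    // including the domains of any lower-privileged caller.
    static AccessControlContext captureUnprivileged() {
        return AccessController.getContext();
    }

    // Proposed fix: capture inside a privileged block, so the snapshot stops at
    // this class's frame and ignores callers further down the stack.
    static AccessControlContext capturePrivileged() {
        return AccessController.doPrivileged(
            (PrivilegedAction<AccessControlContext>) AccessController::getContext);
    }

    // Later use of the stored context: run a sensitive check under it.
    // A stored context that contains a weak domain makes every such check fail.
    static boolean canReadVersion(AccessControlContext stored) {
        try {
            AccessController.doPrivileged((PrivilegedAction<Void>) () -> {
                AccessController.checkPermission(
                    new PropertyPermission("java.version", "read"));
                return null;
            }, stored);
            return true;
        } catch (AccessControlException e) {
            return false;
        }
    }

    public static void main(String[] args) {
        // Constructed stand-in for a low-privileged caller: a domain with no permissions.
        AccessControlContext lowPriv = new AccessControlContext(
            new ProtectionDomain[] { new ProtectionDomain(null, new Permissions()) });

        // Perform both captures while the low-privileged context is in effect.
        AccessControlContext[] captured = AccessController.doPrivileged(
            (PrivilegedAction<AccessControlContext[]>) () -> new AccessControlContext[] {
                captureUnprivileged(), capturePrivileged() }, lowPriv);

        System.out.println("unprivileged capture usable: " + canReadVersion(captured[0]));
        System.out.println("privileged capture usable:   " + canReadVersion(captured[1]));
    }
}
```

The first capture carries the empty domain with it, so operations later run under that stored context are limited by a caller that is no longer on the stack; the second contains only the capturing class's own domain.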
[jira] Closed: (FELIX-1285) SecureAction captures the calling context incorrectly
Posted by "Richard S. Hall (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/FELIX-1285?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Richard S. Hall closed FELIX-1285.
----------------------------------
Resolution: Fixed
I committed a fix for this.
> SecureAction captures the calling context incorrectly
> -----------------------------------------------------
>
> Key: FELIX-1285
> URL: https://issues.apache.org/jira/browse/FELIX-1285
> Project: Felix
> Issue Type: Bug
> Components: Framework
> Affects Versions: felix-1.8.1
> Reporter: Richard S. Hall
> Assignee: Richard S. Hall
> Fix For: felix-2.0.0
>
>
> In SecureAction we capture the calling context for optimization purposes, but the context captures the current stack no matter who is on the stack. Since the whole point of SecureAction is to allow the framework to perform sensitive operations without worrying about who is on the call stack, this seems to be a bug since there could be someone with lower privileges on the stack. I think we need to capture the calling context inside a privileged block.
[jira] Assigned: (FELIX-1285) SecureAction captures the calling context incorrectly
Posted by "Richard S. Hall (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/FELIX-1285?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Richard S. Hall reassigned FELIX-1285:
--------------------------------------
Assignee: Richard S. Hall (was: Karl Pauls)