You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@felix.apache.org by "Christoph Nölle (JIRA)" <ji...@apache.org> on 2018/08/24 21:55:00 UTC
[jira] [Created] (FELIX-5919) [Configurator] check for
ConfigurationPermission instead of ServicePermission
Christoph Nölle created FELIX-5919:
--------------------------------------
Summary: [Configurator] check for ConfigurationPermission instead of ServicePermission
Key: FELIX-5919
URL: https://issues.apache.org/jira/browse/FELIX-5919
Project: Felix
Issue Type: Bug
Components: Configurator
Affects Versions: configurator-1.0.4
Reporter: Christoph Nölle
The configurator service creates configurations from bundle resources, and the resulting configurations are all assigned the location "?", which implies that they can be accessed by all bundles which have the appropriate ConfigurationPermission with name "?" and action "target". According to the ConfigAdmin spec a bundle whishing to create such a config needs ConfigurationPermission("?", "configure"). With Configurator, however, this is not required, instead it checks for a get-ServicePermission for ConfigAdmin. Hence, it can be used to circumvent the ConfigurationAdmin permission check.
This bug has also made it into the OSGi compendium spec ([https://osgi.org/specification/osgi.cmpn/7.0.0/service.configurator.html),] where it is stated in 150.3.2:
"The Configurator obtains all configurations with the location value of ? to allow the configurations to be received by multiple bundles."
and in 150.8.1:
"Every bundle has the implicit right to receive and configure configurations with a location that exactly matches the Bundle's location or that is {{null}}. Therefore the extendee does not need to special permissions."
The latter statement does not make sense, because "?" is not a bundle location and is not null (see 104.4.1 and 104.4.2 in the ConfigAdmin spec for an explanation of "?" and null locations: [https://osgi.org/specification/osgi.cmpn/7.0.0/service.cm.html#service.cm-location.binding)|https://osgi.org/specification/osgi.cmpn/7.0.0/service.cm.html#service.cm-location.binding),].
Furthermore, the Configurator spec insists that Configurator checks the ServicePermission for the bundle, which can be argued makes some sense, because the usual way for a bundle to create these configs would be via retrieval of the config admin service. On the other hand, this seems to be more an implementation detail. Checking the appropriate config permission should be sufficient.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)