You are viewing a plain text version of this content. The canonical link for it is here.
Posted to derby-dev@db.apache.org by "Daniel John Debrunner (JIRA)" <de...@db.apache.org> on 2005/10/14 20:34:46 UTC
[jira] Created: (DERBY-626) Booting embedded engine requires read permission to derby.jar be granted for all code in the stack
Booting embedded engine requires read permission to derby.jar be granted for all code in the stack
--------------------------------------------------------------------------------------------------
Key: DERBY-626
URL: http://issues.apache.org/jira/browse/DERBY-626
Project: Derby
Type: Bug
Components: Security, Services
Versions: 10.1.1.0, 10.2.0.0
Reporter: Daniel John Debrunner
Assigned to: Daniel John Debrunner
Priority: Critical
When running in a security manager the embedded engine uses ClassLoader.getResources() to obtain the set of modules.properties files. This method returns an empty set if running in a security manager and permission has not been granted to read derby.jar to all code in the stack, unless the method is executed in a privileged block.
This is a regression early on in Derby's life and was not caught because of lack of testing under the security manager and was hidden by the need to grant read permission for DERBY-622.
The embedded code does not need this permission to be granted since 'Note: code can always read a file from the same directory it's in (or a subdirectory of that directory); it does not need explicit permission to do so.'
Need to re-factor code to ensure that the call to getResources and opening the resulting URL is all in a privileged block.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
http://www.atlassian.com/software/jira
Re: [jira] Created: (DERBY-626) Booting embedded engine requires read
permission to derby.jar be granted for all code in the stack
Posted by "David W. Van Couvering" <Da...@Sun.COM>.
Oh, that's a bad one, thanks for catching this Dan.
Daniel John Debrunner (JIRA) wrote:
> Booting embedded engine requires read permission to derby.jar be granted for all code in the stack
> --------------------------------------------------------------------------------------------------
>
> Key: DERBY-626
> URL: http://issues.apache.org/jira/browse/DERBY-626
> Project: Derby
> Type: Bug
> Components: Security, Services
> Versions: 10.1.1.0, 10.2.0.0
> Reporter: Daniel John Debrunner
> Assigned to: Daniel John Debrunner
> Priority: Critical
>
>
> When running in a security manager the embedded engine uses ClassLoader.getResources() to obtain the set of modules.properties files. This method returns an empty set if running in a security manager and permission has not been granted to read derby.jar to all code in the stack, unless the method is executed in a privileged block.
>
> This is a regression early on in Derby's life and was not caught because of lack of testing under the security manager and was hidden by the need to grant read permission for DERBY-622.
>
> The embedded code does not need this permission to be granted since 'Note: code can always read a file from the same directory it's in (or a subdirectory of that directory); it does not need explicit permission to do so.'
>
> Need to re-factor code to ensure that the call to getResources and opening the resulting URL is all in a privileged block.
>
>
[jira] Resolved: (DERBY-626) Booting embedded engine requires read permission to derby.jar be granted for all code in the stack
Posted by "Daniel John Debrunner (JIRA)" <de...@db.apache.org>.
[ http://issues.apache.org/jira/browse/DERBY-626?page=all ]
Daniel John Debrunner resolved DERBY-626:
-----------------------------------------
Fix Version: 10.2.0.0
Resolution: Fixed
Changes for DERBY-615 that enable secuirty manager by default show that the bug is indeed fixed.
Trunk changes merged to 10.1 svn revision 330110.
> Booting embedded engine requires read permission to derby.jar be granted for all code in the stack
> --------------------------------------------------------------------------------------------------
>
> Key: DERBY-626
> URL: http://issues.apache.org/jira/browse/DERBY-626
> Project: Derby
> Type: Bug
> Components: Security, Services
> Versions: 10.1.1.0, 10.2.0.0
> Reporter: Daniel John Debrunner
> Assignee: Daniel John Debrunner
> Priority: Critical
> Fix For: 10.1.2.1, 10.2.0.0
>
> When running in a security manager the embedded engine uses ClassLoader.getResources() to obtain the set of modules.properties files. This method returns an empty set if running in a security manager and permission has not been granted to read derby.jar to all code in the stack, unless the method is executed in a privileged block.
> This is a regression early on in Derby's life and was not caught because of lack of testing under the security manager and was hidden by the need to grant read permission for DERBY-622.
> The embedded code does not need this permission to be granted since 'Note: code can always read a file from the same directory it's in (or a subdirectory of that directory); it does not need explicit permission to do so.'
> Need to re-factor code to ensure that the call to getResources and opening the resulting URL is all in a privileged block.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
http://www.atlassian.com/software/jira
[jira] Updated: (DERBY-626) Booting embedded engine requires read permission to derby.jar be granted for all code in the stack
Posted by "Daniel John Debrunner (JIRA)" <de...@db.apache.org>.
[ http://issues.apache.org/jira/browse/DERBY-626?page=all ]
Daniel John Debrunner updated DERBY-626:
----------------------------------------
Fix Version: 10.1.2.1
Will try to merge this to 10.1
> Booting embedded engine requires read permission to derby.jar be granted for all code in the stack
> --------------------------------------------------------------------------------------------------
>
> Key: DERBY-626
> URL: http://issues.apache.org/jira/browse/DERBY-626
> Project: Derby
> Type: Bug
> Components: Security, Services
> Versions: 10.1.1.0, 10.2.0.0
> Reporter: Daniel John Debrunner
> Assignee: Daniel John Debrunner
> Priority: Critical
> Fix For: 10.1.2.1
>
> When running in a security manager the embedded engine uses ClassLoader.getResources() to obtain the set of modules.properties files. This method returns an empty set if running in a security manager and permission has not been granted to read derby.jar to all code in the stack, unless the method is executed in a privileged block.
> This is a regression early on in Derby's life and was not caught because of lack of testing under the security manager and was hidden by the need to grant read permission for DERBY-622.
> The embedded code does not need this permission to be granted since 'Note: code can always read a file from the same directory it's in (or a subdirectory of that directory); it does not need explicit permission to do so.'
> Need to re-factor code to ensure that the call to getResources and opening the resulting URL is all in a privileged block.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
http://www.atlassian.com/software/jira
[jira] Closed: (DERBY-626) Booting embedded engine requires read
permission to derby.jar be granted for all code in the stack
Posted by "Daniel John Debrunner (JIRA)" <de...@db.apache.org>.
[ http://issues.apache.org/jira/browse/DERBY-626?page=all ]
Daniel John Debrunner closed DERBY-626:
---------------------------------------
> Booting embedded engine requires read permission to derby.jar be granted for all code in the stack
> --------------------------------------------------------------------------------------------------
>
> Key: DERBY-626
> URL: http://issues.apache.org/jira/browse/DERBY-626
> Project: Derby
> Type: Bug
> Components: Security, Services
> Versions: 10.1.1.0, 10.2.0.0
> Reporter: Daniel John Debrunner
> Assignee: Daniel John Debrunner
> Priority: Critical
> Fix For: 10.1.2.1, 10.2.0.0
>
> When running in a security manager the embedded engine uses ClassLoader.getResources() to obtain the set of modules.properties files. This method returns an empty set if running in a security manager and permission has not been granted to read derby.jar to all code in the stack, unless the method is executed in a privileged block.
> This is a regression early on in Derby's life and was not caught because of lack of testing under the security manager and was hidden by the need to grant read permission for DERBY-622.
> The embedded code does not need this permission to be granted since 'Note: code can always read a file from the same directory it's in (or a subdirectory of that directory); it does not need explicit permission to do so.'
> Need to re-factor code to ensure that the call to getResources and opening the resulting URL is all in a privileged block.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
http://www.atlassian.com/software/jira