[jira] [Updated] (DERBY-6922) Extra permission may be required for user-defined aggregates

Mon, 20 Feb 2017 14:09:06 -0800 

     [ 
https://issues.apache.org/jira/browse/DERBY-6922?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Rick Hillegas updated DERBY-6922:
---------------------------------
    Attachment: derby6922.jar
                Derby6922_Median.java
                Derby6922.java

Attaching Derby6922.java, Derby6922_Median, and derby6922.jar, my naive attempt 
to reproduce this problem. This is what I did:

o Compiled Derby6922_Median and put it in a jar file named derby6922.jar.

o Ran a network server on port 8246. The server came up with the default 
security policy.

o Ran Derby6922 with these arguments:

   java Derby6922 8246 2000000 3000000

The program loads the jar file into the database, then creates a Median 
user-defined aggregate and a table function. The table function will generate a 
lot of two column rows. The aggregate and the table function live in the jar 
file stored in the database. The arguments tell the program to generate 3M rows 
spread across 2M groups and pump them through the aggregate. I would expect 
that the engine would serialize intermediate results to disk, given that many 
groups. However, the program runs cleanly and does not abort for lack of the 
privilege mentioned by this issue. 


> Extra permission may be required for user-defined aggregates
> ------------------------------------------------------------
>
>                 Key: DERBY-6922
>                 URL: https://issues.apache.org/jira/browse/DERBY-6922
>             Project: Derby
>          Issue Type: Bug
>          Components: SQL
>    Affects Versions: 10.12.1.1
>            Reporter: Rick Hillegas
>         Attachments: derby6922.jar, Derby6922.java, Derby6922_Median.java
>
>
> An additional privilege may be needed when running a user-defined aggregate 
> which spills intermediate results to disk. That is a theory raised by 
> discussion on this email thread: 
> http://apache-database.10148.n7.nabble.com/Security-problem-with-ggregate-functions-using-Java-td147236.html
>  The additional privilege needed by the engine jar is:
>   permission java.lang.RuntimePermission "accessClassInPackage.sun.reflect";
> It is likely that this situation only arises on JVMs up through JDK 8. I 
> believe that JDK 9 has removed many dependencies on Sun classes.
> It would be worthwhile to try running a user-defined aggregate which spills 
> to disk, and to do this while running under a security manager.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

Reply via email to