unable to boot existing database from network server when running with 
security manager
----------------------------------------------------------------------------------------

                 Key: DERBY-1598
                 URL: http://issues.apache.org/jira/browse/DERBY-1598
             Project: Derby
          Issue Type: Bug
          Components: Store
    Affects Versions: 10.2.0.0
            Reporter: Andreas Korneliussen
            Priority: Blocker


Myrna van Lunteren reported the following:

I ran into the following interesting situation with permissions
granted as per derby_tests.policy, and I'm hoping someone can answer
my questions:
- start networkserver with derby_tests.policy as described in the
remote server testing section of the java/testing/README.htm, but with
-h <srvhostname>
- start an ij session, connect to the server creating a database
- disconnect, exit ij, shutdown networkserver
so far ok
- start networkserver again just like before
- start ij again just like before, connect to the same database again
results in:
ERROR XJ040: DERBY SQL error: SQLCODE: -1, SQLSTATE: XJ040, SQLERRMC:
Failed to start database 'bladb', see the next exception for
details.::SQLSTATE: XJ001Java exception: 'access denied
(java.io.FilePermission
/home/myrna/tsttmp5/srv/bladb/log/logmirror.ctrl read):
java.security.AccessControlException'.

One can dis- and reconnect fine as long as the network server is up,
but once it has been bounced, reconnect fails.

derby.log shows no stack trace, even though the following properties
are set in derby.properties in derby.system.home:
derby.infolog.append=true
derby.language.logStatementText=true
derby.stream.error.logSeverityLevel=0
------------------
...
2006-07-26 23:49:38.402 GMT Thread[DRDAConnThread_3,5,main] (DATABASE
= bladb), (DRDAID = {1}), Failed to start database 'bladb', see the
next exception for details.
2006-07-26 23:49:38.404 GMT Thread[DRDAConnThread_3,5,main] (DATABASE
= bladb), (DRDAID = {1}), Java exception: 'access denied
(java.io.FilePermission
/home/myrna/tsttmp5/srv/bladb/log/logmirror.ctrl read):
java.security.AccessControlException'.
----------------

The error goes away when I add the following permissions to derbynet.jar:
 // all databases under derby.system.home
 permission java.io.FilePermission "${derby.system.home}${/}-",
"read, write, delete";


I have reproduced this problem manually. After adding some tracing calls in 
..drda.Database.makeConnection() I got this stack trace:
java.sql.SQLException: Failed to start database '/export/home/tmp/devel/derbydev/testing/testdb', see the next exception for details.
        at org.apache.derby.impl.jdbc.SQLExceptionFactory.getSQLException(SQLExceptionFactory.java:44)
        at org.apache.derby.impl.jdbc.Util.newEmbedSQLException(Util.java:88)
        at org.apache.derby.impl.jdbc.Util.newEmbedSQLException(Util.java:94)
        at org.apache.derby.impl.jdbc.Util.generateCsSQLException(Util.java:173)
        at org.apache.derby.impl.jdbc.EmbedConnection.newSQLException(EmbedConnection.java:1955)
        at org.apache.derby.impl.jdbc.EmbedConnection.bootDatabase(EmbedConnection.java:1619)
        at org.apache.derby.impl.jdbc.EmbedConnection.<init>(EmbedConnection.java:216)
        at org.apache.derby.impl.jdbc.EmbedConnection30.<init>(EmbedConnection30.java:72)
        at org.apache.derby.jdbc.Driver30.getNewEmbedConnection(Driver30.java:73)
        at org.apache.derby.jdbc.InternalDriver.connect(InternalDriver.java:209)
        at org.apache.derby.jdbc.AutoloadedDriver.connect(AutoloadedDriver.java:116)
        at org.apache.derby.impl.drda.Database.makeConnection(Database.java:232)
        at org.apache.derby.impl.drda.DRDAConnThread.getConnFromDatabaseName(DRDAConnThread.java:1191)
        at org.apache.derby.impl.drda.DRDAConnThread.verifyUserIdPassword(DRDAConnThread.java:1169)
        at org.apache.derby.impl.drda.DRDAConnThread.parseSECCHK(DRDAConnThread.java:2758)
        at org.apache.derby.impl.drda.DRDAConnThread.parseDRDAConnection(DRDAConnThread.java:1031)
        at org.apache.derby.impl.drda.DRDAConnThread.processCommands(DRDAConnThread.java:874)
        at org.apache.derby.impl.drda.DRDAConnThread.run(DRDAConnThread.java:254)
NEXT Exception follows
java.security.AccessControlException: access denied (java.io.FilePermission /export/home/tmp/devel/derbydev/testing/testdb/log/logmirror.ctrl read)
        at java.security.AccessControlContext.checkPermission(AccessControlContext.java:269)
        at java.security.AccessController.checkPermission(AccessController.java:401)
        at java.lang.SecurityManager.checkPermission(SecurityManager.java:524)
        at java.lang.SecurityManager.checkRead(SecurityManager.java:863)
        at java.io.File.exists(File.java:678)
        at org.apache.derby.impl.store.raw.log.LogToFile.boot(LogToFile.java:2987)
        at org.apache.derby.impl.services.monitor.BaseMonitor.boot(BaseMonitor.java:1996)
        at org.apache.derby.impl.services.monitor.TopService.bootModule(TopService.java:290)
        at org.apache.derby.impl.services.monitor.BaseMonitor.startModule(BaseMonitor.java:542)
        at org.apache.derby.iapi.services.monitor.Monitor.bootServiceModule(Monitor.java:418)
        at org.apache.derby.impl.store.raw.data.BaseDataFileFactory.bootLogFactory(BaseDataFileFactory.java:1761)
        at org.apache.derby.impl.store.raw.data.BaseDataFileFactory.setRawStoreFactory(BaseDataFileFactory.java:1217)
        at org.apache.derby.impl.store.raw.RawStore.boot(RawStore.java:373)
        at org.apache.derby.impl.services.monitor.BaseMonitor.boot(BaseMonitor.java:1996)
        at org.apache.derby.impl.services.monitor.TopService.bootModule(TopService.java:290)
        at org.apache.derby.impl.services.monitor.BaseMonitor.startModule(BaseMonitor.java:542)
        at org.apache.derby.iapi.services.monitor.Monitor.bootServiceModule(Monitor.java:418)
        at org.apache.derby.impl.store.access.RAMAccessManager.boot(RAMAccessManager.java:987)
        at org.apache.derby.impl.services.monitor.BaseMonitor.boot(BaseMonitor.java:1996)
        at org.apache.derby.impl.services.monitor.TopService.bootModule(TopService.java:290)
        at org.apache.derby.impl.services.monitor.BaseMonitor.startModule(BaseMonitor.java:542)
        at org.apache.derby.iapi.services.monitor.Monitor.bootServiceModule(Monitor.java:418)
        at org.apache.derby.impl.db.BasicDatabase.bootStore(BasicDatabase.java:738)
        at org.apache.derby.impl.db.BasicDatabase.boot(BasicDatabase.java:178)
        at org.apache.derby.impl.services.monitor.BaseMonitor.boot(BaseMonitor.java:1996)
        at org.apache.derby.impl.services.monitor.TopService.bootModule(TopService.java:290)
        at org.apache.derby.impl.services.monitor.BaseMonitor.bootService(BaseMonitor.java:1831)
        at org.apache.derby.impl.services.monitor.BaseMonitor.startProviderService(BaseMonitor.java:1697)
        at org.apache.derby.impl.services.monitor.BaseMonitor.findProviderAndStartService(BaseMonitor.java:1577)
        at org.apache.derby.impl.services.monitor.BaseMonitor.startPersistentService(BaseMonitor.java:990)
        at org.apache.derby.iapi.services.monitor.Monitor.startPersistentService(Monitor.java:541)
        at org.apache.derby.impl.jdbc.EmbedConnection.bootDatabase(EmbedConnection.java:1602)
        at org.apache.derby.impl.jdbc.EmbedConnection.<init>(EmbedConnection.java:216)
        at org.apache.derby.impl.jdbc.EmbedConnection30.<init>(EmbedConnection30.java:72)
        at org.apache.derby.jdbc.Driver30.getNewEmbedConnection(Driver30.java:73)
        at org.apache.derby.jdbc.InternalDriver.connect(InternalDriver.java:209)
        at org.apache.derby.jdbc.AutoloadedDriver.connect(AutoloadedDriver.java:116)
        at org.apache.derby.impl.drda.Database.makeConnection(Database.java:232)
        at org.apache.derby.impl.drda.DRDAConnThread.getConnFromDatabaseName(DRDAConnThread.java:1191)
        at org.apache.derby.impl.drda.DRDAConnThread.verifyUserIdPassword(DRDAConnThread.java:1169)
        at org.apache.derby.impl.drda.DRDAConnThread.parseSECCHK(DRDAConnThread.java:2758)
        at org.apache.derby.impl.drda.DRDAConnThread.parseDRDAConnection(DRDAConnThread.java:1031)
        at org.apache.derby.impl.drda.DRDAConnThread.processCommands(DRDAConnThread.java:874)
        at org.apache.derby.impl.drda.DRDAConnThread.run(DRDAConnThread.java:254)


It seems like the method org.apache.derby.impl.store.raw.log.LogToFile.boot 
calls File.exists() directly, instead of doing it in a privileged block.
So, a fix could possibly be to use privExists(..) as below:

Index: LogToFile.java
===================================================================
--- LogToFile.java      (revision 425403)
+++ LogToFile.java      (working copy)
@@ -2985,7 +2985,7 @@
                     }
                                                
                                        if (checkpointInstant == 
LogCounter.INVALID_LOG_INSTANT &&
-                                                                               
getMirrorControlFileName().exists())
+                                               
privExists(getMirrorControlFileName()))
                     {
                                                checkpointInstant =
                             readControlFile(
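
Review bot: the condition now goes through privExists(), but the branch it guards goes straight on to readControlFile( in the trailing context lines, and its arguments and body are not visible here. Please confirm that this read also runs inside a privileged block, otherwise the AccessControlException may simply move from the exists() check to the read. The replacement line is also indented differently from the line it removes; keeping the original alignment would keep the diff minimal. Since only a manual check was run, a regression test that restarts the network server under the security manager and reconnects to an existing database would cover this path.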

I have tested that running with this, I did not get the security exception. 
However, I have not run any other tests on the proposed patch.
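
The difference between the direct File.exists() call and a privileged one, as an added example that is not part of the original message or of Derby's source. The class LogBootSketch and its methods are hypothetical, and the privExists body shown is an assumed implementation built on AccessController.doPrivileged.

```java
import java.io.File;
import java.security.AccessController;
import java.security.PrivilegedAction;

// Added illustration, not Derby source. LogBootSketch and its methods are
// hypothetical; only the file name logmirror.ctrl comes from the report.
public class LogBootSketch {
    private final File logDir;

    public LogBootSketch(File logDir) {
        this.logDir = logDir;
    }

    // Before: File.exists() triggers SecurityManager.checkRead(), which
    // checks every protection domain on the stack. The DRDAConnThread frames
    // from the network server jar are on that stack, so the check fails
    // unless that jar is granted FilePermission as well.
    public boolean mirrorControlFileExistsDirect() {
        return new File(logDir, "logmirror.ctrl").exists();
    }

    // After: the same check routed through a privileged helper.
    public boolean mirrorControlFileExists() {
        return privExists(new File(logDir, "logmirror.ctrl"));
    }

    // doPrivileged() stops the stack walk at this frame, so only the code
    // source of this class needs the read permission. Kept private so that
    // less-privileged callers cannot use it to probe arbitrary paths.
    private static boolean privExists(final File f) {
        return AccessController.doPrivileged(new PrivilegedAction<Boolean>() {
            public Boolean run() {
                return Boolean.valueOf(f.exists());
            }
        }).booleanValue();
    }

    public static void main(String[] args) {
        // Constructed sample directory; pass a real log directory as args[0].
        LogBootSketch boot = new LogBootSketch(new File(args.length > 0 ? args[0] : "testdb/log"));
        System.out.println("direct:     " + boot.mirrorControlFileExistsDirect());
        System.out.println("privileged: " + boot.mirrorControlFileExists());
    }
}
```

Without a security manager both calls return the same value; the difference appears only when a caller's protection domain lacks the FilePermission that this class's code source holds.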
