Re: Security problem with aggregate functions using Java

2017-02-20 Thread nicholas walton
Rick,

Concur with the ij problem, I was caught out by the ij script using DERBY_OPTS 
and picking up the security policy which left it with no permissions. Easy fix.

As for Derby version I’ve upgraded to Apache Derby Network Server - 10.13.1.1 
and that partly fixed things, since before doing that the problem would not go 
away even with the security policy in place. 

Thanks for the help.

Nick

> On 20 Feb 2017, at 15:55, Rick Hillegas  wrote:
> 
> Hi Nicholas,
> 
> I think that the ij permissions problem is a red herring. That problem arises 
> because ij is trying to call System.getProperties() but the security policy 
> does not grant property-reading privilege to derbytools.jar.
> 
> Concerning your original problem: What strikes me as significant is your 
> observation that aggregation worked for a while and then broke. The only big 
> state change which occurs during aggregation is when the processing of a 
> large data set causes the engine to dump intermediate results to a temporary 
> file. Eventually, those results must be de-serialized from the temporary 
> file. It is possible that de-serialization can't instantiate your 
> user-defined aggregate without that extra permission.
> 
> I am afraid that your environment confuses me, though. According to your 
> original message, you are running Derby 10.6.2.1. However, user-defined 
> aggregates were not introduced until Derby 10.10.1.1.
> 
> I have created https://issues.apache.org/jira/browse/DERBY-6922 to investigate
> the problem raised by this issue.
> 
> Hope this helps,
> -Rick
> 
> On 2/20/17, 1:54 AM, nicholas walton wrote:
>> 
>> Rick,
>> 
>> Neither Netbeans nor ij dumped the stack,  I’m afraid.
>> 
>> The full message is
>> 
>> Error code 3, SQL state 38000: The exception 
>> 'java.security.AccessControlException: access denied 
>> ("java.lang.RuntimePermission" "accessClassInPackage.sun.reflect")' was 
>> thrown while evaluating an expression.
>> Error code 9, SQL state XJ001: Java exception: 'access denied 
>> ("java.lang.RuntimePermission" "accessClassInPackage.sun.reflect"): 
>> java.security.AccessControlException’.
>> Line 1, column 1
>> 
>> Did get it working after a while with the security policy below, but ij will 
>> not now run complaining 
>> 
>> Exception in thread "main" java.security.AccessControlException: access denied ("java.util.PropertyPermission" "*" "read,write")
>>  at java.security.AccessControlContext.checkPermission(AccessControlContext.java:472)
>>  at java.security.AccessController.checkPermission(AccessController.java:884)
>>  at java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
>>  at java.lang.SecurityManager.checkPropertiesAccess(SecurityManager.java:1262)
>>  at java.lang.System.getProperties(System.java:630)
>>  at org.apache.derby.impl.tools.ij.ij$1.run(Unknown Source)
>>  at org.apache.derby.impl.tools.ij.ij$1.run(Unknown Source)
>>  at java.security.AccessController.doPrivileged(Native Method)
>>  at org.apache.derby.impl.tools.ij.ij.initFromEnvironment(Unknown Source)
>>  at org.apache.derby.impl.tools.ij.utilMain.initFromEnvironment(Unknown Source)
>>  at org.apache.derby.impl.tools.ij.Main.<init>(Unknown Source)
>>  at org.apache.derby.impl.tools.ij.Main.getMain(Unknown Source)
>>  at org.apache.derby.impl.tools.ij.Main.mainCore(Unknown Source)
>>  at org.apache.derby.impl.tools.ij.Main.main(Unknown Source)
>>  at org.apache.derby.tools.ij.main(Unknown Source)
>> 
>> =
>> 
>> //
>> //   Licensed to the Apache Software Foundation (ASF) under one or more
>> //   contributor license agreements.  See the NOTICE file distributed with
>> //   this work for additional information regarding copyright ownership.
>> //   The ASF licenses this file to You under the Apache License, Version 2.0
>> //   (the "License"); you may not use this file except in compliance with
>> //   the License.  You may obtain a copy of the License at
>> //
>> //  http://www.apache.org/licenses/LICENSE-2.0 
>> 
>> //
>> //   Unless required by applicable law or agreed to in writing, software
>> //   distributed under the License is distributed on an "AS IS" BASIS,
>> //   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
>> //   See the License for the specific language governing permissions and
>> //   limitations under the License.
>> //
>> 
>> // This template policy file gives examples of how to configure the
>> // permissions needed to run a Derby network server with the Java
>> // Security manager.
>> //
>> grant codeBase 
>> "file:///Library/Java/JavaVirtualMachines/jdk1.8.0_60.jdk/Contents/Home/db/lib/derby.jar"
>> {
>>   // These permissions are needed for everyday, embedded Derby usage.
>>   //
>>   permission java.lang.RuntimePermission 

Re: Security problem with aggregate functions using Java

2017-02-20 Thread Rick Hillegas

Hi Nicholas,

I think that the ij permissions problem is a red herring. That problem 
arises because ij is trying to call System.getProperties() but the 
security policy does not grant property-reading privilege to derbytools.jar.


Concerning your original problem: What strikes me as significant is your 
observation that aggregation worked for a while and then broke. The only 
big state change which occurs during aggregation is when the processing 
of a large data set causes the engine to dump intermediate results to a 
temporary file. Eventually, those results must be de-serialized from the 
temporary file. It is possible that de-serialization can't instantiate 
your user-defined aggregate without that extra permission.


I am afraid that your environment confuses me, though. According to your 
original message, you are running Derby 10.6.2.1. However, user-defined 
aggregates were not introduced until Derby 10.10.1.1.


I have created https://issues.apache.org/jira/browse/DERBY-6922 to 
investigate the problem raised by this issue.


Hope this helps,
-Rick

On 2/20/17, 1:54 AM, nicholas walton wrote:

Rick,

Neither Netbeans nor ij dumped the stack,  I’m afraid.

The full message is

Error code 3, SQL state 38000: The exception 
'java.security.AccessControlException: access denied 
("java.lang.RuntimePermission" "accessClassInPackage.sun.reflect")' 
was thrown while evaluating an expression.
Error code 9, SQL state XJ001: Java exception: 'access denied 
("java.lang.RuntimePermission" "accessClassInPackage.sun.reflect"): 
java.security.AccessControlException’.

Line 1, column 1

Did get it working after a while with the security policy below, but 
ij will not now run complaining


Exception in thread "main" java.security.AccessControlException: access denied ("java.util.PropertyPermission" "*" "read,write")
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:472)
at java.security.AccessController.checkPermission(AccessController.java:884)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
at java.lang.SecurityManager.checkPropertiesAccess(SecurityManager.java:1262)
at java.lang.System.getProperties(System.java:630)
at org.apache.derby.impl.tools.ij.ij$1.run(Unknown Source)
at org.apache.derby.impl.tools.ij.ij$1.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at org.apache.derby.impl.tools.ij.ij.initFromEnvironment(Unknown Source)
at org.apache.derby.impl.tools.ij.utilMain.initFromEnvironment(Unknown Source)
at org.apache.derby.impl.tools.ij.Main.<init>(Unknown Source)
at org.apache.derby.impl.tools.ij.Main.getMain(Unknown Source)
at org.apache.derby.impl.tools.ij.Main.mainCore(Unknown Source)
at org.apache.derby.impl.tools.ij.Main.main(Unknown Source)
at org.apache.derby.tools.ij.main(Unknown Source)

=

//
//   Licensed to the Apache Software Foundation (ASF) under one or more
//   contributor license agreements.  See the NOTICE file distributed with
//   this work for additional information regarding copyright ownership.
//   The ASF licenses this file to You under the Apache License, Version 2.0
//   (the "License"); you may not use this file except in compliance with
//   the License.  You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
//   Unless required by applicable law or agreed to in writing, software
//   distributed under the License is distributed on an "AS IS" BASIS,
//   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
//   See the License for the specific language governing permissions and
//   limitations under the License.
//

// This template policy file gives examples of how to configure the
// permissions needed to run a Derby network server with the Java
// Security manager.
//
grant codeBase 
"file:///Library/Java/JavaVirtualMachines/jdk1.8.0_60.jdk/Contents/Home/db/lib/derby.jar"

{
  // These permissions are needed for everyday, embedded Derby usage.
  //
  permission java.lang.RuntimePermission "createClassLoader";
  permission org.apache.derby.security.SystemPermission "engine", 
"usederbyinternals";


  // Next, the permission to read "derby.*" properties is granted to
  // derby.jar. This is necessary for the engine to read derby properties.
  permission java.util.PropertyPermission "derby.*", "read";

  permission java.util.PropertyPermission "user.dir", "read";

  // The next two properties are used to determine if the VM is 32 or 64 bit.
  //
  permission java.util.PropertyPermission "sun.arch.data.model", "read";
  permission java.util.PropertyPermission "os.arch", "read";
  permission java.io.FilePermission "${derby.system.home}","read";
  permission java.io.FilePermission "${derby.system.home}${/}-",
  "read,write,delete";

  // This permission lets a DBA reload the policy file while the server is
  // still running. 

Re: Security problem with aggregate functions using Java

2017-02-20 Thread Bryan Pendleton
Hello Nick,

The ij code is in derbytools.jar, I believe. Did you define a security
policy that covers derbytools.jar?

In particular, to allow calling System.getProperties, try something like:

grant codeBase "${derbyTesting.codejar}derbytools.jar" {
  // Access all properties using System.getProperties -
  // ij enumerates the properties in order to open connections
  // for any property set in ij.connection.* and set protocols
  // for any property in ij.protocol.*
  permission java.util.PropertyPermission "*", "read, write";

  // Read all files under ${user.dir}
  permission java.io.FilePermission "${user.dir}${/}-", "read";

  // IjTestCases read, write, and delete ij's output in the extinout dir
  permission java.io.FilePermission "${user.dir}${/}extinout${/}-", "read, write, delete";

  // ij needs permission to read the sql files in this jar
  permission java.io.FilePermission "${derbyTesting.testjarpath}", "read";

};

thanks,

bryan
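
Added example, not part of the thread and not Derby code: a small Python helper that turns the AccessControlException text quoted in this thread into candidate policy lines, and applies the JVM rule that a permission check stops walking the stack at the caller of AccessController.doPrivileged to list which non-JDK classes had their protection domain checked (here the ij classes, which is why the grant belongs on derbytools.jar). The function names and the unwrapped, abbreviated sample are assumptions of this example.

```python
import re

# Denials quoted in the thread; stack trace unwrapped and abbreviated for this example.
SAMPLE = """Error code 3, SQL state 38000: The exception 'java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "accessClassInPackage.sun.reflect")' was thrown while evaluating an expression.
Error code 9, SQL state XJ001: Java exception: 'access denied ("java.lang.RuntimePermission" "accessClassInPackage.sun.reflect"): java.security.AccessControlException'.
Exception in thread "main" java.security.AccessControlException: access denied ("java.util.PropertyPermission" "*" "read,write")
    at java.security.AccessControlContext.checkPermission(AccessControlContext.java:472)
    at java.lang.System.getProperties(System.java:630)
    at org.apache.derby.impl.tools.ij.ij$1.run(Unknown Source)
    at java.security.AccessController.doPrivileged(Native Method)
    at org.apache.derby.impl.tools.ij.ij.initFromEnvironment(Unknown Source)
    at org.apache.derby.impl.tools.ij.Main.main(Unknown Source)
"""

# access denied ("<permission class>" "<target name>" ["<actions>"])
DENIED = re.compile(r'access denied \("([\w.$]+)" "([^"]*)"(?: "([^"]*)")?\)')
FRAME = re.compile(r'^\s*at ([\w.$<>]+)\(', re.M)
JDK = ("java.", "javax.", "sun.", "jdk.")

def policy_lines(text):
    """De-duplicated policy-file 'permission' lines, one per distinct denial."""
    out = []
    for cls, name, actions in DENIED.findall(text):
        line = f'permission {cls} "{name}"' + (f', "{actions}"' if actions else "") + ";"
        if line not in out:
            out.append(line)
    return out

def checked_classes(trace):
    """Non-JDK classes on the part of the stack the access check inspected.

    The walk goes from the top frame down and ends with the frame that
    called AccessController.doPrivileged; callers below it are not checked.
    """
    classes, stop_after_this = [], False
    for method in FRAME.findall(trace):
        cls = method.rsplit(".", 1)[0]
        if not cls.startswith(JDK) and cls not in classes:
            classes.append(cls)
        if stop_after_this:
            break
        stop_after_this = method == "java.security.AccessController.doPrivileged"
    return classes

if __name__ == "__main__":
    print("\n".join(policy_lines(SAMPLE)))
    print(checked_classes(SAMPLE))
```

The output is a starting point for review: each line still has to be placed in the grant block for the codeBase that contains the listed classes.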


Re: Security problem with aggregate functions using Java

2017-02-20 Thread nicholas walton
Rick,

Neither Netbeans nor ij dumped the stack,  I’m afraid.

The full message is

Error code 3, SQL state 38000: The exception 
'java.security.AccessControlException: access denied 
("java.lang.RuntimePermission" "accessClassInPackage.sun.reflect")' was thrown 
while evaluating an expression.
Error code 9, SQL state XJ001: Java exception: 'access denied 
("java.lang.RuntimePermission" "accessClassInPackage.sun.reflect"): 
java.security.AccessControlException’.
Line 1, column 1

Did get it working after a while with the security policy below, but ij will 
not now run complaining 

Exception in thread "main" java.security.AccessControlException: access denied ("java.util.PropertyPermission" "*" "read,write")
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:472)
at java.security.AccessController.checkPermission(AccessController.java:884)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
at java.lang.SecurityManager.checkPropertiesAccess(SecurityManager.java:1262)
at java.lang.System.getProperties(System.java:630)
at org.apache.derby.impl.tools.ij.ij$1.run(Unknown Source)
at org.apache.derby.impl.tools.ij.ij$1.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at org.apache.derby.impl.tools.ij.ij.initFromEnvironment(Unknown Source)
at org.apache.derby.impl.tools.ij.utilMain.initFromEnvironment(Unknown Source)
at org.apache.derby.impl.tools.ij.Main.<init>(Unknown Source)
at org.apache.derby.impl.tools.ij.Main.getMain(Unknown Source)
at org.apache.derby.impl.tools.ij.Main.mainCore(Unknown Source)
at org.apache.derby.impl.tools.ij.Main.main(Unknown Source)
at org.apache.derby.tools.ij.main(Unknown Source)

=

//
//   Licensed to the Apache Software Foundation (ASF) under one or more
//   contributor license agreements.  See the NOTICE file distributed with
//   this work for additional information regarding copyright ownership.
//   The ASF licenses this file to You under the Apache License, Version 2.0
//   (the "License"); you may not use this file except in compliance with
//   the License.  You may obtain a copy of the License at
//
//  http://www.apache.org/licenses/LICENSE-2.0
//
//   Unless required by applicable law or agreed to in writing, software
//   distributed under the License is distributed on an "AS IS" BASIS,
//   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
//   See the License for the specific language governing permissions and
//   limitations under the License.
//

// This template policy file gives examples of how to configure the
// permissions needed to run a Derby network server with the Java
// Security manager.
//
grant codeBase 
"file:///Library/Java/JavaVirtualMachines/jdk1.8.0_60.jdk/Contents/Home/db/lib/derby.jar"
{
  // These permissions are needed for everyday, embedded Derby usage.
  //
  permission java.lang.RuntimePermission "createClassLoader";
  permission org.apache.derby.security.SystemPermission "engine", 
"usederbyinternals";

  // Next, the permission to read "derby.*" properties is granted to
  // derby.jar. This is necessary for the engine to read derby properties.
  permission java.util.PropertyPermission "derby.*", "read";

  permission java.util.PropertyPermission "user.dir", "read";

  // The next two properties are used to determine if the VM is 32 or 64 bit.
  //
  permission java.util.PropertyPermission "sun.arch.data.model", "read";
  permission java.util.PropertyPermission "os.arch", "read";
  permission java.io.FilePermission "${derby.system.home}","read";
  permission java.io.FilePermission "${derby.system.home}${/}-",
  "read,write,delete";

  // This permission lets a DBA reload the policy file while the server is
  // still running. The policy file is reloaded by invoking the
  // SYSCS_UTIL.SYSCS_RELOAD_SECURITY_POLICY() system procedure.
  //
  permission java.security.SecurityPermission "getPolicy";

  // This permission lets you backup and restore databases to and from
  // arbitrary locations in your file system.
  //
  // This permission also lets you import/export data to and from arbitrary
  // locations in your file system.
  //
  // You may want to restrict this access to specific directories.
  //
  permission java.io.FilePermission "<<ALL FILES>>", "read,write,delete";

  // Permissions needed for JMX based management and monitoring.
  //
  // Allows this code to create an MBeanServer:
  //
  permission javax.management.MBeanServerPermission "createMBeanServer";

  // Allows access to Derby's built-in MBeans, within the domain
  // org.apache.derby.  Derby must be allowed to register and unregister these
  // MBeans.  It is possible to allow access only to specific MBeans,
  // attributes or operations. To fine tune this