Sorry...missed the attachment with previous mail.
Deepa
On 10/18/05, Deepa Remesh <[EMAIL PROTECTED]> wrote:
> On 10/17/05, Daniel John Debrunner <[EMAIL PROTECTED]> wrote:
> >
> > If the permission is not required to run the tests then it must not be
> > in the policy file. Otherwise it increases the chance that the
> > permission is being used for some other incorrect purpose by the engine
> > or network server (etc.) and thus allows bugs to be hidden.
> >
> > If some future test needs network tracing and doesn't set
> > derby.system.home then a much safer approach is for that test to set an
> > explicit tracing directory and have write permission on that directory.
> >
> > A permission such as this is much less likely to hide bugs than the
> > second more general version
> >
> > // very specific permission, less likely to be abused accidentally
> > permission java.io.FilePermission
> > "${user.dir}${/}testPropertiesTraceFiles${/}*", "write";
> >
> > // very generic permission, lots of potential to be used accidentally.
> > permission java.io.FilePermission "${user.dir}${/}*", "write";
> >
> > In the future I would like to re-work the current permissions to be more
> > specific, e.g. ensure all test databases are in
> > ${derby.system.home}/db/, this would separate out the permissions used
> > and needed by the engine from the permssions used by the network server.
>
> Thanks Dan for explaining in detail.
>
> I did the following:
> 1. Removed write permission for ${user.dir} from derbynet.jar and
> classes directory.
> 2. Granted permission to derbynet.jar to write to ${derby.system.home}
>
> With these changes, I ran derbyall with sane jars. The test
> jdbcapi/secureUsers1.sql failed in derbynetmats and derbynetclientmats
> becasue it needs permission to write CloudLDAP.out to ${user.dir}. I
> added this permission to derbynet.jar and classes directory. After
> this change, I reran the test jdbcapi/secureUsers1.sql in all
> frameworks with both sane jars and classes. No failures.
>
> I have attached a patch for test policy file with this mail. Here is a
> summary of the patch:
> 1. Removes the following permission from derbynet.jar and classes
> directory. This is not required after the patch for DERBY-375.
> permission java.io.FilePermission "${user.dir}${/}*", "write";
>
> 2. Grants the following permission to derbynet.jar. This is required
> since tracing file location now defaults to ${derby.system.home}. The
> test derbynet/getCurrentProperties.java uses this.
> // tracing files default to derby.system.home,
> derbynet/getCurrentProperties.java
> permission java.io.FilePermission "${derby.system.home}${/}*", "write";
>
> 3. Grants the following permission to derbynet.jar and classes
> directory. This is required by the test jdbcapi/secureUsers1.sql when
> run using sane builds.
> // sane=true, jdbcapi/secureUsers1.sql
> permission java.io.FilePermission "${user.dir}${/}CloudLDAP.out", "write";
>
> Please look into this patch and commit if okay.
>
> Deepa
>
Index: java/testing/org/apache/derbyTesting/functionTests/util/derby_tests.policy
===================================================================
--- java/testing/org/apache/derbyTesting/functionTests/util/derby_tests.policy (revision 326217)
+++ java/testing/org/apache/derbyTesting/functionTests/util/derby_tests.policy (working copy)
@@ -50,10 +50,8 @@
permission java.net.SocketPermission "${csinfo.serverhost}", "accept";
permission java.net.SocketPermission "${csinfo.trustedhost}", "accept";
- // tracing files - BUG DERBY-613 default location for tracing
- // file is meant to be ${derby.system.home} but instead is ${user.dir}
- // Changes DERBY-613 may require modifying this permission.
- permission java.io.FilePermission "${user.dir}${/}*", "write";
+ // tracing files default to derby.system.home, derbynet/getCurrentProperties.java
+ permission java.io.FilePermission "${derby.system.home}${/}*", "write";
// BUG DERBY-622 derbynet/sysinfo.java
permission java.io.FilePermission "${csinfo.codedir}${/}*", "read";
@@ -65,6 +63,8 @@
permission java.util.PropertyPermission "derby.monitor.verbose", "read";
permission java.util.PropertyPermission "derby.debug.*", "read";
+ // sane=true, jdbcapi/secureUsers1.sql
+ permission java.io.FilePermission "${user.dir}${/}CloudLDAP.out", "write";
};
//
@@ -85,15 +85,13 @@
permission java.net.SocketPermission "${csinfo.serverhost}", "accept";
permission java.net.SocketPermission "${csinfo.trustedhost}", "accept";
- // tracing files - BUG DERBY-613 default location for tracing
- // file is meant to be ${derby.system.home} but instead is ${user.dir}
- // Changes DERBY-613 may require modifying this permission.
- permission java.io.FilePermission "${user.dir}${/}*", "write";
-
// Import/export and other support files from these locations in tests
permission java.io.FilePermission "${user.dir}${/}extin${/}*", "read";
permission java.io.FilePermission "${user.dir}${/}extinout${/}*", "read, write";
permission java.io.FilePermission "${user.dir}${/}extout${/}*", "write";
+
+ // sane=true, jdbcapi/secureUsers1.sql
+ permission java.io.FilePermission "${user.dir}${/}CloudLDAP.out", "write";
};
