Rick Hillegas created DERBY-6632:
------------------------------------
Summary: Applications may be able to use StorageFactoryService to
delete Derby databases and overwrite service.properties.
Key: DERBY-6632
URL: https://issues.apache.org/jira/browse/DERBY-6632
Project: Derby
Issue Type: Bug
Components: Services
Affects Versions: 10.11.0.0
Reporter: Rick Hillegas
Various powerful methods in StorageFactoryService are public. I have not
verified the following with an experiment, but it appears to me that these
methods give any code running in the JVM the ability to elevate privileges to
those granted to Derby and do the following:
1) Delete Derby databases via the following methods:
{noformat}
org.apache.derby.impl.services.monitor.StorageFactoryService createServiceRoot()
org.apache.derby.impl.services.monitor.StorageFactoryService
getServiceProperties()
org.apache.derby.impl.services.monitor.StorageFactoryService
getStorageFactoryInstance()
org.apache.derby.impl.services.monitor.StorageFactoryService removeServiceRoot()
{noformat}
2) Overwrite service.properties via overloads of the following method:
{noformat}
org.apache.derby.impl.services.monitor.StorageFactoryService createServiceRoot()
{noformat}
--
This message was sent by Atlassian JIRA
(v6.2#6252)
