[
https://issues.apache.org/jira/browse/DERBY-6617?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14058844#comment-14058844
]
ASF subversion and git services commented on DERBY-6617:
--------------------------------------------------------
Commit 1609717 from [~dagw] in branch 'code/trunk'
[ https://svn.apache.org/r1609717 ]
DERBY-6617 Silently swallowed SecurityExceptions may disable Derby features,
including security features.
Patch derby-6617-2. With reference to the list of issues mentioned in the JIRA,
the following
"silent swallows" are addressed with this patch:
* FileMonitor PBgetJVMProperty Catch java.lang.SecurityException 1 line 183
* FileMonitor PBinitialize Catch java.lang.SecurityException 1 line 120
* FileMonitor PBinitialize Catch java.lang.SecurityException 1 line 157
These are not addressed in code yet:
BaseMonitor readApplicationProperties Catch java.lang.SecurityException 1
line 1360
BaseMonitor runWithState Catch java.lang.SecurityException 0 line 280
FileMonitor createDaemonGroup Catch java.lang.SecurityException 1 line 89
A new test (MissingPermissionsTest) has been added to verify that we
get errors in either derby.log or on the console's standard error
(depending on what's possible) if we see a SecurityException in the
former "silent" swallow location.
In the case of FileMonitor line 157, the boot fails so we show the
error on the console (i.e. standard error). In order for that to
happen, we added a flushing of the temporary in-memory error log,
cf. added call to dumpTempWriter if we fail BaseMonitor#initialize in
console.
> Silently swallowed SecurityExceptions may disable Derby features, including
> security features.
> ----------------------------------------------------------------------------------------------
>
> Key: DERBY-6617
> URL: https://issues.apache.org/jira/browse/DERBY-6617
> Project: Derby
> Issue Type: Bug
> Components: Services
> Affects Versions: 10.11.0.0
> Reporter: Rick Hillegas
> Assignee: Dag H. Wanvik
> Attachments: derby-6617-1.diff, derby-6617-2.diff,
> derby-6617-2.status, derby-6617-junit.diff
>
>
> When the Monitor tries to read Derby properties, it silently swallows
> SecurityExceptions. This means that the properties will be silently ignored
> if Derby has not been granted sufficient privileges. This means that if you
> make a mistake crafting your security policy, then you may disable
> authentication and authorization. You may not realize this until you have
> incurred a security breach. This swallowing occurs at the following code
> locations:
> {noformat}
> org.apache.derby.impl.services.monitor.BaseMonitor readApplicationProperties
> Catch java.lang.SecurityException 1 line 1360
> org.apache.derby.impl.services.monitor.BaseMonitor runWithState Catch
> java.lang.SecurityException 0 line 280
> org.apache.derby.impl.services.monitor.FileMonitor PBgetJVMProperty Catch
> java.lang.SecurityException 1 line 183
> org.apache.derby.impl.services.monitor.FileMonitor PBinitialize Catch
> java.lang.SecurityException 1 line 120
> {noformat}
> SecurityExceptions are swallowed at other locations in the Monitor. The
> implications of these swallowings should be understood and, at a minimum,
> security problems should be fixed:
> {noformat}
> org.apache.derby.impl.services.monitor.FileMonitor PBinitialize Catch
> java.lang.SecurityException 1 line 157
> org.apache.derby.impl.services.monitor.FileMonitor createDaemonGroup Catch
> java.lang.SecurityException 1 line 89
> {noformat}
--
This message was sent by Atlassian JIRA
(v6.2#6252)
