[
https://issues.apache.org/jira/browse/DERBY-6617?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Dag H. Wanvik updated DERBY-6617:
---------------------------------
Attachment: derby-6617-3.status
derby-6617-3.diff
Attaching patch [^derby-6617-3.diff] which adds reporting of the swallowed
SecurityException in FileMonitor#createDaemonGroup.
To get that printed I also i had to to make sure to dump the temporary log in a
change added to BaseMonitor#runWithState.
Additionally, I discovered that Derby became unbootable if we lack the
modifyThreadGroup permission: the monitor in such an event, lacking a proper
handler, thought it was already initialized so subsequent boot attempts (from a
non-system thread so we wouldn't see the modifyThreadGroup issue) would also
fail. I added a handler to clear the monitor to fix this.
Presently, the new test fixture, testModifyThreadGroup leads to the warning
message being written to the console - it isn't yet asserted upon. I'll add
another test so we can assert the presence of that message on the console
running in a spawned process so we can catch the message.
Not for commit yet, but I'll be out a bit so I post this now so reviewers can
have a look.
> Silently swallowed SecurityExceptions may disable Derby features, including
> security features.
> ----------------------------------------------------------------------------------------------
>
> Key: DERBY-6617
> URL: https://issues.apache.org/jira/browse/DERBY-6617
> Project: Derby
> Issue Type: Bug
> Components: Services
> Affects Versions: 10.11.0.0
> Reporter: Rick Hillegas
> Assignee: Dag H. Wanvik
> Attachments: derby-6617-1.diff, derby-6617-2.diff,
> derby-6617-2.status, derby-6617-3.diff, derby-6617-3.status,
> derby-6617-junit.diff
>
>
> When the Monitor tries to read Derby properties, it silently swallows
> SecurityExceptions. This means that the properties will be silently ignored
> if Derby has not been granted sufficient privileges. This means that if you
> make a mistake crafting your security policy, then you may disable
> authentication and authorization. You may not realize this until you have
> incurred a security breach. This swallowing occurs at the following code
> locations:
> {noformat}
> org.apache.derby.impl.services.monitor.BaseMonitor readApplicationProperties
> Catch java.lang.SecurityException 1 line 1360
> org.apache.derby.impl.services.monitor.BaseMonitor runWithState Catch
> java.lang.SecurityException 0 line 280
> org.apache.derby.impl.services.monitor.FileMonitor PBgetJVMProperty Catch
> java.lang.SecurityException 1 line 183
> org.apache.derby.impl.services.monitor.FileMonitor PBinitialize Catch
> java.lang.SecurityException 1 line 120
> {noformat}
> SecurityExceptions are swallowed at other locations in the Monitor. The
> implications of these swallowings should be understood and, at a minimum,
> security problems should be fixed:
> {noformat}
> org.apache.derby.impl.services.monitor.FileMonitor PBinitialize Catch
> java.lang.SecurityException 1 line 157
> org.apache.derby.impl.services.monitor.FileMonitor createDaemonGroup Catch
> java.lang.SecurityException 1 line 89
> {noformat}
--
This message was sent by Atlassian JIRA
(v6.2#6252)
