[
https://issues.apache.org/jira/browse/DERBY-6617?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Rick Hillegas updated DERBY-6617:
---------------------------------
Attachment: derby-6617-04-aa-platformSpecificErrorText.diff
Attaching derby-6617-04-aa-platformSpecificErrorText.diff. This makes
MissingPermissionsTest look for different error text on Java 6.
On Java 7 and above, certain names are double-quoted. Those names aren't
double-quoted on Java 6.
The test runs cleanly for me on Java 8. And it has run cleanly for me on Java
6. However, it also failed for a different reason during an initial run on Java
6. This suggests to me that there is still an instability in this test.
Touches the following files:
M
java/testing/org/apache/derbyTesting/unitTests/junit/MissingPermissionsTest.java
M java/testing/org/apache/derbyTesting/junit/BaseTestCase.java
> Silently swallowed SecurityExceptions may disable Derby features, including
> security features.
> ----------------------------------------------------------------------------------------------
>
> Key: DERBY-6617
> URL: https://issues.apache.org/jira/browse/DERBY-6617
> Project: Derby
> Issue Type: Bug
> Components: Services
> Affects Versions: 10.11.0.0
> Reporter: Rick Hillegas
> Assignee: Dag H. Wanvik
> Attachments: derby-6617-04-aa-platformSpecificErrorText.diff,
> derby-6617-1.diff, derby-6617-2.diff, derby-6617-2.status, derby-6617-3.diff,
> derby-6617-3.status, derby-6617-junit.diff, fix-test.diff
>
>
> When the Monitor tries to read Derby properties, it silently swallows
> SecurityExceptions. This means that the properties will be silently ignored
> if Derby has not been granted sufficient privileges. This means that if you
> make a mistake crafting your security policy, then you may disable
> authentication and authorization. You may not realize this until you have
> incurred a security breach. This swallowing occurs at the following code
> locations:
> {noformat}
> org.apache.derby.impl.services.monitor.BaseMonitor readApplicationProperties
> Catch java.lang.SecurityException 1 line 1360
> org.apache.derby.impl.services.monitor.BaseMonitor runWithState Catch
> java.lang.SecurityException 0 line 280
> org.apache.derby.impl.services.monitor.FileMonitor PBgetJVMProperty Catch
> java.lang.SecurityException 1 line 183
> org.apache.derby.impl.services.monitor.FileMonitor PBinitialize Catch
> java.lang.SecurityException 1 line 120
> {noformat}
> SecurityExceptions are swallowed at other locations in the Monitor. The
> implications of these swallowings should be understood and, at a minimum,
> security problems should be fixed:
> {noformat}
> org.apache.derby.impl.services.monitor.FileMonitor PBinitialize Catch
> java.lang.SecurityException 1 line 157
> org.apache.derby.impl.services.monitor.FileMonitor createDaemonGroup Catch
> java.lang.SecurityException 1 line 89
> {noformat}
--
This message was sent by Atlassian JIRA
(v6.2#6252)
