[
https://issues.apache.org/jira/browse/DERBY-6617?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14060625#comment-14060625
]
Rick Hillegas commented on DERBY-6617:
--------------------------------------
Here is the new heisenbug I saw in this test:
{noformat}
There was 1 failure:
1)
testMissingFilePermission(org.apache.derbyTesting.unitTests.junit.MissingPermissionsTest)junit.framework.AssertionFailedError:
subprocess run failed: :Spawned MPT exitCode=143
STDERR:
java.security.policy: error adding Entry:
java.net.MalformedURLException: no protocol: null
The file or directory system/nested could not be created due to a security
exception: java.security.AccessControlException: access denied
(java.io.FilePermission system/nested write).
The file or directory system/nested could not be created due to a security
exception: java.security.AccessControlException: access denied
(java.io.FilePermission system/nested write).
The file or directory system/nested could not be created due to a security
exception: java.security.AccessControlException: access denied
(java.io.FilePermission system/nested write).
STDOUT:
java.lang.NullPointerException
at
org.apache.derby.jdbc.AutoloadedDriver.connect(AutoloadedDriver.java:147)
at java.sql.DriverManager.getConnection(DriverManager.java:582)
at java.sql.DriverManager.getConnection(DriverManager.java:154)
at
org.apache.derby.impl.tools.ij.ConnectionEnv.installConnection(ConnectionEnv.java:213)
at
org.apache.derby.impl.tools.ij.ConnectionEnv.init(ConnectionEnv.java:82)
at
org.apache.derby.impl.tools.ij.utilMain.initFromEnvironment(utilMain.java:179)
at org.apache.derby.impl.tools.ij.Main.<init>(Main.java:244)
at org.apache.derby.impl.tools.ij.Main.getMain(Main.java:196)
at org.apache.derby.impl.tools.ij.Main.mainCore(Main.java:181)
at org.apache.derby.impl.tools.ij.Main.main(Main.java:75)
at org.apache.derby.tools.ij.main(ij.java:59)
ij version 10.11
ij>
at
org.apache.derbyTesting.unitTests.junit.MissingPermissionsTest.testMissingFilePermission(MissingPermissionsTest.java:226)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at
org.apache.derbyTesting.junit.BaseTestCase.runBare(BaseTestCase.java:118)
at
org.apache.derbyTesting.junit.BaseJDBCTestCase.runBareOverridable(BaseJDBCTestCase.java:440)
at
org.apache.derbyTesting.junit.BaseJDBCTestCase.runBare(BaseJDBCTestCase.java:457)
at junit.extensions.TestDecorator.basicRun(TestDecorator.java:24)
at junit.extensions.TestSetup$1.protect(TestSetup.java:21)
at junit.extensions.TestSetup.run(TestSetup.java:25)
at junit.extensions.TestDecorator.basicRun(TestDecorator.java:24)
at junit.extensions.TestSetup$1.protect(TestSetup.java:21)
at junit.extensions.TestSetup.run(TestSetup.java:25)
at junit.extensions.TestDecorator.basicRun(TestDecorator.java:24)
at junit.extensions.TestSetup$1.protect(TestSetup.java:21)
at junit.extensions.TestSetup.run(TestSetup.java:25)
at junit.extensions.TestDecorator.basicRun(TestDecorator.java:24)
at junit.extensions.TestSetup$1.protect(TestSetup.java:21)
at junit.extensions.TestSetup.run(TestSetup.java:25)
at
org.apache.derbyTesting.junit.BaseTestSetup.run(BaseTestSetup.java:57)
at junit.extensions.TestDecorator.basicRun(TestDecorator.java:24)
at junit.extensions.TestSetup$1.protect(TestSetup.java:21)
at junit.extensions.TestSetup.run(TestSetup.java:25)
at junit.extensions.TestDecorator.basicRun(TestDecorator.java:24)
at junit.extensions.TestSetup$1.protect(TestSetup.java:21)
at junit.extensions.TestSetup.run(TestSetup.java:25)
FAILURES!!!
Tests run: 3, Failures: 1, Errors: 0
{noformat}
I am inclined to disable this test until it can be stabilized. I don't think
that this test should further delay the creation of a 10.11.1 release candidate.
Other thoughts?
Thanks,
-Rick
> Silently swallowed SecurityExceptions may disable Derby features, including
> security features.
> ----------------------------------------------------------------------------------------------
>
> Key: DERBY-6617
> URL: https://issues.apache.org/jira/browse/DERBY-6617
> Project: Derby
> Issue Type: Bug
> Components: Services
> Affects Versions: 10.11.0.0
> Reporter: Rick Hillegas
> Assignee: Dag H. Wanvik
> Attachments: derby-6617-04-aa-platformSpecificErrorText.diff,
> derby-6617-1.diff, derby-6617-2.diff, derby-6617-2.status, derby-6617-3.diff,
> derby-6617-3.status, derby-6617-junit.diff, fix-test.diff
>
>
> When the Monitor tries to read Derby properties, it silently swallows
> SecurityExceptions. This means that the properties will be silently ignored
> if Derby has not been granted sufficient privileges. This means that if you
> make a mistake crafting your security policy, then you may disable
> authentication and authorization. You may not realize this until you have
> incurred a security breach. This swallowing occurs at the following code
> locations:
> {noformat}
> org.apache.derby.impl.services.monitor.BaseMonitor readApplicationProperties
> Catch java.lang.SecurityException 1 line 1360
> org.apache.derby.impl.services.monitor.BaseMonitor runWithState Catch
> java.lang.SecurityException 0 line 280
> org.apache.derby.impl.services.monitor.FileMonitor PBgetJVMProperty Catch
> java.lang.SecurityException 1 line 183
> org.apache.derby.impl.services.monitor.FileMonitor PBinitialize Catch
> java.lang.SecurityException 1 line 120
> {noformat}
> SecurityExceptions are swallowed at other locations in the Monitor. The
> implications of these swallowings should be understood and, at a minimum,
> security problems should be fixed:
> {noformat}
> org.apache.derby.impl.services.monitor.FileMonitor PBinitialize Catch
> java.lang.SecurityException 1 line 157
> org.apache.derby.impl.services.monitor.FileMonitor createDaemonGroup Catch
> java.lang.SecurityException 1 line 89
> {noformat}
--
This message was sent by Atlassian JIRA
(v6.2#6252)
