[
https://issues.apache.org/jira/browse/DERBY-6617?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Knut Anders Hatlen updated DERBY-6617:
--------------------------------------
Attachment: exit-subprocess.diff
The attached patch [^exit-subprocess.diff] makes the test close the standard
input of the forked ij process so that it has more time to exit normally before
destroy() is called. Also, the timeout value given to complete() is increased
from three seconds to two minutes to reduce the chance of instabilities on slow
machines.
That change fixed the heisenbug on a Windows machine where I was able to
reproduce it reliably without the patch. However, the test still failed because
of another error. When the log is scanned for a particular error message, we
don't find it on Windows because the path name is different (backslash vs
forward slash). The patch therefore also changes these checks to use a regular
expression which accepts variations both in quoting and in directory separators.
MissingPermissionsTest now passes in my environment on both Linux and Windows,
and with JDK 6, 7 and 8.
> Silently swallowed SecurityExceptions may disable Derby features, including
> security features.
> ----------------------------------------------------------------------------------------------
>
> Key: DERBY-6617
> URL: https://issues.apache.org/jira/browse/DERBY-6617
> Project: Derby
> Issue Type: Bug
> Components: Services
> Affects Versions: 10.11.0.0
> Reporter: Rick Hillegas
> Assignee: Dag H. Wanvik
> Attachments: derby-6617-04-aa-platformSpecificErrorText.diff,
> derby-6617-1.diff, derby-6617-2.diff, derby-6617-2.status, derby-6617-3.diff,
> derby-6617-3.status, derby-6617-junit.diff, exit-subprocess.diff,
> fix-test.diff
>
>
> When the Monitor tries to read Derby properties, it silently swallows
> SecurityExceptions. This means that the properties will be silently ignored
> if Derby has not been granted sufficient privileges. This means that if you
> make a mistake crafting your security policy, then you may disable
> authentication and authorization. You may not realize this until you have
> incurred a security breach. This swallowing occurs at the following code
> locations:
> {noformat}
> org.apache.derby.impl.services.monitor.BaseMonitor readApplicationProperties Catch java.lang.SecurityException 1 line 1360
> org.apache.derby.impl.services.monitor.BaseMonitor runWithState Catch java.lang.SecurityException 0 line 280
> org.apache.derby.impl.services.monitor.FileMonitor PBgetJVMProperty Catch java.lang.SecurityException 1 line 183
> org.apache.derby.impl.services.monitor.FileMonitor PBinitialize Catch java.lang.SecurityException 1 line 120
> {noformat}
> SecurityExceptions are swallowed at other locations in the Monitor. The
> implications of these swallowings should be understood and, at a minimum,
> security problems should be fixed:
> {noformat}
> org.apache.derby.impl.services.monitor.FileMonitor PBinitialize Catch java.lang.SecurityException 1 line 157
> org.apache.derby.impl.services.monitor.FileMonitor createDaemonGroup Catch java.lang.SecurityException 1 line 89
> {noformat}