[
https://issues.apache.org/jira/browse/DERBY-6631?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Knut Anders Hatlen updated DERBY-6631:
--------------------------------------
Attachment: d6631-1b-setThreadPriority.diff
Attaching [^d6631-1b-setThreadPriority.diff] which adjusts the approach in the
1a patch. The call to Thread.setPriority() is moved out of FileMonitor, since
one doesn't really need the monitor to set the priority. The only thing the
monitor was needed for, was to check if the thread was originally created by
FileMonitor's getDaemonThread() method. A new method (isDaemonThread(Thread))
is added to provide that functionality. That method does not perform any
privileged operations, so it should be safe to keep it as a public method.
> FileMonitor can be used to elevate an application's privileges
> --------------------------------------------------------------
>
> Key: DERBY-6631
> URL: https://issues.apache.org/jira/browse/DERBY-6631
> Project: Derby
> Issue Type: Bug
> Components: Services
> Affects Versions: 10.11.1.1
> Reporter: Rick Hillegas
> Attachments: d6631-1a-setThreadPriority.diff,
> d6631-1b-setThreadPriority.diff
>
>
> Various vulnerabilities in FileMonitor allow applications to perform
> security-sensitive operations with the elevated privileges granted to Derby:
> getDaemonThread() - The application can call this method in order to create
> threads, using Derby's elevated privileges.
> getJVMProperty() - The application can call this in order to read system
> properties using Derby's elevated privileges.
> setThreadPriority() - The application can call this method to change the
> priority of a daemon thread it has created. This call will execute with
> Derby's elevated privileges.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
