[
https://issues.apache.org/jira/browse/DERBY-6619?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14109286#comment-14109286
]
Dag H. Wanvik edited comment on DERBY-6619 at 8/25/14 4:40 PM:
---------------------------------------------------------------
Uploading [^derby-6619-2b.diff]. Added an action in the setUp method of the new
decorator ClassLoaderTestSetup to shut down the engine, so we can be sure the
Derby classes are all loaded with the new class loader (the lack thereof
revealed by the regression suite).
was (Author: dagw):
Uploading [^derby-6619-2b]. Added an action in the setUp method of the new
decorator ClassLoaderTestSetup to shut down the engine, so we can be sure the
Derby classes are all loaded with the new class loader (the lack thereof
revealed by the regression suite).
> After silently swallowing SecurityExceptions, Derby can leak class loaders
> --------------------------------------------------------------------------
>
> Key: DERBY-6619
> URL: https://issues.apache.org/jira/browse/DERBY-6619
> Project: Derby
> Issue Type: Bug
> Components: Services
> Reporter: Rick Hillegas
> Assignee: Dag H. Wanvik
> Fix For: 10.11.1.2, 10.12.0.0
>
> Attachments: derby-6619-2.diff, derby-6619-2b.diff, derby-6619.diff,
> derby-6619.status, derby-6619b.diff, derby-6619c.diff, derby.log,
> system-loader.diff
>
>
> As part of the fix for DERBY-3745, Derby silently swallows security
> exceptions and leaks class loaders. This can give rise to denial-of-service
> attacks. At a minimum, Derby should report the swallowed exceptions so that
> the security policy can be corrected and the application can be hardened
> against this attack. The swallowing occurs at these locations:
> {noformat}
> org.apache.derby.impl.services.timer.SingletonTimerFactory run Catch java.lang.SecurityException 0 line 175
> org.apache.derby.impl.services.timer.SingletonTimerFactory run Catch java.lang.SecurityException 1 line 158
> {noformat}