[
https://issues.apache.org/jira/browse/DERBY-6654?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Rick Hillegas updated DERBY-6654:
---------------------------------
Attachment: derby-6654-01-aa-requireCorrectPackage.diff
Attaching derby-6654-01-aa-requireCorrectPackage.diff. This patch adds a check
to the class loader for generated byte code to verify that the class lives in
the org.apache.derby.exe package. I will run tests.
Touches the following files:
------------
M
java/engine/org/apache/derby/impl/services/reflect/ReflectClassesJava2.java
Added the check.
------------
M
java/testing/org/apache/derbyTesting/functionTests/tests/lang/_Suite.java
A
java/testing/org/apache/derbyTesting/functionTests/tests/lang/ClassLoadingTest.java
Test for this behavior.
> Require that generated code live in the org.apache.derby.exe package.
> ---------------------------------------------------------------------
>
> Key: DERBY-6654
> URL: https://issues.apache.org/jira/browse/DERBY-6654
> Project: Derby
> Issue Type: Bug
> Components: Services
> Affects Versions: 10.11.1.1
> Reporter: Rick Hillegas
> Assignee: Rick Hillegas
> Attachments: derby-6654-01-aa-requireCorrectPackage.diff
>
>
> We require that generated code must implement Activation. This helps prevent
> applications from using Derby's class loaders to load arbitrary classes. We
> should also require that generated code live in the org.apache.derby.exe
> package. This will prevent applications from loading highly privileged code
> using Derby class loaders.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
