[ https://issues.apache.org/jira/browse/DERBY-6648?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Rick Hillegas updated DERBY-6648:
---------------------------------
    Attachment: derby-6648-03-aa-monitor.diff

Attaching derby-6648-03-aa-monitor.diff. This patch adds a check for 
usederbyinternals permission to most of the public static methods in Monitor. 
This patch is not ready to commit. I need to add a test to verify that user 
code can't call the newly protected methods. I have hand-verified this for one 
of the methods. First, though, I want to run the full tests to see if I've 
missed some spots which need doPrivileged blocks.

This patch makes these changes:

1) Calls SecurityUtil.checkDerbyInternalsPrivilege() at the start of sensitive 
public static methods.

2) Wraps doPrivileged blocks around the callers of those methods, both in the 
product and in the tests.


Touches the following files:

--------------

M       java/storeless/org/apache/derby/impl/storeless/StorelessDatabase.java
M       java/engine/org/apache/derby/iapi/sql/dictionary/SPSDescriptor.java
M       java/engine/org/apache/derby/iapi/sql/dictionary/ConglomerateDescriptor.java
M       java/engine/org/apache/derby/iapi/sql/dictionary/DataDescriptorGenerator.java
M       java/engine/org/apache/derby/iapi/jdbc/DRDAServerStarter.java
M       java/engine/org/apache/derby/iapi/jdbc/JDBCBoot.java
M       java/engine/org/apache/derby/iapi/services/context/SystemContext.java
M       java/engine/org/apache/derby/iapi/services/property/PropertyUtil.java
M       java/engine/org/apache/derby/iapi/services/monitor/Monitor.java
M       java/engine/org/apache/derby/iapi/types/DataValueFactoryImpl.java
M       java/engine/org/apache/derby/impl/sql/GenericLanguageFactory.java
M       java/engine/org/apache/derby/impl/sql/compile/ConstraintDefinitionNode.java
M       java/engine/org/apache/derby/impl/sql/conn/GenericStatementContext.java
M       java/engine/org/apache/derby/impl/sql/conn/GenericLanguageConnectionFactory.java
M       java/engine/org/apache/derby/impl/sql/execute/JarUtil.java
M       java/engine/org/apache/derby/impl/sql/execute/BaseActivation.java
M       java/engine/org/apache/derby/impl/sql/execute/GenericExecutionFactory.java
M       java/engine/org/apache/derby/impl/sql/GenericPreparedStatement.java
M       java/engine/org/apache/derby/impl/sql/catalog/DropDependencyFilter.java
M       java/engine/org/apache/derby/impl/sql/catalog/DataDictionaryImpl.java
M       java/engine/org/apache/derby/impl/sql/catalog/DD_Version.java
M       java/engine/org/apache/derby/impl/jdbc/authentication/NativeAuthenticationServiceImpl.java
M       java/engine/org/apache/derby/impl/jdbc/authentication/AuthenticationServiceBase.java
M       java/engine/org/apache/derby/impl/jdbc/EmbedDatabaseMetaData.java
M       java/engine/org/apache/derby/impl/jdbc/LOBStreamControl.java
M       java/engine/org/apache/derby/impl/jdbc/EmbedConnection.java
M       java/engine/org/apache/derby/impl/services/cache/ConcurrentCache.java
M       java/engine/org/apache/derby/impl/services/daemon/BasicDaemon.java
M       java/engine/org/apache/derby/impl/services/daemon/SingleThreadDaemonFactory.java
M       java/engine/org/apache/derby/impl/services/daemon/IndexStatisticsDaemonImpl.java
M       java/engine/org/apache/derby/impl/services/reflect/DatabaseClasses.java
M       java/engine/org/apache/derby/impl/services/reflect/UpdateLoader.java
M       java/engine/org/apache/derby/impl/services/uuid/BasicUUIDFactory.java
M       java/engine/org/apache/derby/impl/services/monitor/BaseMonitor.java
M       java/engine/org/apache/derby/impl/services/monitor/StorageFactoryService.java
M       java/engine/org/apache/derby/impl/services/stream/SingleStream.java
M       java/engine/org/apache/derby/impl/services/bytecode/BCJava.java
M       java/engine/org/apache/derby/impl/services/jmx/JMXManagementService.java
M       java/engine/org/apache/derby/impl/db/SlaveDatabase.java
M       java/engine/org/apache/derby/impl/db/BasicDatabase.java
M       java/engine/org/apache/derby/impl/db/DatabaseContextImpl.java
M       java/engine/org/apache/derby/impl/store/access/sort/ExternalSortFactory.java
M       java/engine/org/apache/derby/impl/store/access/btree/index/B2IFactory.java
M       java/engine/org/apache/derby/impl/store/access/PropertyConglomerate.java
M       java/engine/org/apache/derby/impl/store/access/RAMAccessManager.java
M       java/engine/org/apache/derby/impl/store/access/heap/HeapConglomerateFactory.java
M       java/engine/org/apache/derby/impl/store/raw/xact/XactFactory.java
M       java/engine/org/apache/derby/impl/store/raw/log/LogToFile.java
M       java/engine/org/apache/derby/impl/store/raw/RawStore.java
M       java/engine/org/apache/derby/impl/store/raw/data/BaseDataFileFactory.java
M       java/engine/org/apache/derby/impl/store/raw/data/StreamFileContainer.java
M       java/engine/org/apache/derby/impl/store/raw/data/FileContainer.java
M       java/engine/org/apache/derby/impl/store/raw/data/D_DiagnosticUtil.java
M       java/engine/org/apache/derby/jdbc/BasicEmbeddedDataSource40.java
M       java/engine/org/apache/derby/jdbc/ResourceAdapterImpl.java
M       java/engine/org/apache/derby/jdbc/XATransactionState.java
M       java/engine/org/apache/derby/jdbc/InternalDriver.java
M       java/engine/org/apache/derby/mbeans/Management.java
M       java/optional/org/apache/derby/optional/lucene/LuceneSupport.java
M       java/drda/org/apache/derby/impl/drda/NetworkServerControlImpl.java
M       java/drda/org/apache/derby/impl/drda/DRDAConnThread.java
M       java/testing/org/apache/derbyTesting/unitTests/crypto/T_Cipher.java
M       java/testing/org/apache/derbyTesting/unitTests/harness/UnitTestMain.java
M       java/testing/org/apache/derbyTesting/unitTests/harness/BasicUnitTestManager.java
M       java/testing/org/apache/derbyTesting/unitTests/services/T_LockFactory.java
M       java/testing/org/apache/derbyTesting/unitTests/services/T_CacheService.java
M       java/testing/org/apache/derbyTesting/unitTests/services/T_DaemonService.java
M       java/testing/org/apache/derbyTesting/unitTests/services/T_UUIDFactory.java
M       java/testing/org/apache/derbyTesting/unitTests/store/T_b2i.java
M       java/testing/org/apache/derbyTesting/unitTests/store/T_Heap.java
M       java/testing/org/apache/derbyTesting/unitTests/store/T_FileSystemData.java
M       java/testing/org/apache/derbyTesting/unitTests/store/T_RecoverBadLog.java
M       java/testing/org/apache/derbyTesting/unitTests/store/T_AccessFactory.java
M       java/testing/org/apache/derbyTesting/unitTests/store/T_RecoverFullLog.java
M       java/testing/org/apache/derbyTesting/unitTests/store/T_StreamFile.java
M       java/testing/org/apache/derbyTesting/unitTests/store/T_SortController.java
M       java/testing/org/apache/derbyTesting/unitTests/store/T_Recovery.java
M       java/testing/org/apache/derbyTesting/unitTests/store/T_RawStoreFactory.java
M       java/testing/org/apache/derbyTesting/unitTests/store/T_XA.java
M       java/testing/org/apache/derbyTesting/unitTests/util/MsgTrace.java


> Application code should not be able to call ContextService.getContextOrNull()
> -----------------------------------------------------------------------------
>
>                 Key: DERBY-6648
>                 URL: https://issues.apache.org/jira/browse/DERBY-6648
>             Project: Derby
>          Issue Type: Bug
>          Components: Services
>    Affects Versions: 10.11.1.1
>            Reporter: Rick Hillegas
>            Assignee: Rick Hillegas
>         Attachments: derby-6648-01-aa-oneActionList.diff, 
> derby-6648-01-ab-rototill1.diff, derby-6648-01-ad-rototill1.diff, 
> derby-6648-01-ae-regressionTests.diff, 
> derby-6648-02-aa-packagePrivateTests.diff, derby-6648-03-aa-monitor.diff, 
> releaseNote.html
>
>
> By calling ContextService.getContextOrNull() (and its relatives), application 
> code can get its hands on all sorts of internal Derby contexts, factories, 
> and managers. This allows application code to bypass SQL authorization checks 
> and perform sensitive or data-corrupting actions.
> For instance, right now an application can use this method to get its hands 
> on the language connection context. From the lcc, the application can get its 
> hands on the data dictionary and the execution transaction. Armed with those 
> objects, the application can bypass authorization checks and create schema 
> objects, users, and permissions.
> Only Derby code should be able to call this powerful method.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
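The two changes the comment describes (a usederbyinternals check at the top of each sensitive public static method, and doPrivileged blocks around the engine's own call sites) are the standard Java stack-inspection pattern, and the issue description explains why it matters: without the check, application code on the stack can reach the internal contexts that bypass SQL authorization. The following stand-alone Java program is an added illustration of that pattern; it is not Derby's code and not taken from the attached patch. EngineMonitor, findService, lookupForEngine, UseInternalsPermission, EngineOnlyPolicy and InternalsCheckDemo are all hypothetical names chosen for this example (EngineMonitor stands in for Monitor, checkDerbyInternalsPrivilege for SecurityUtil's method, and the BasicPermission subclass for Derby's real permission class). Because every class here is loaded from one code source, the application's code base is simulated with a zero-permission ProtectionDomain rather than a second jar, and the grant that a deployment would put in a policy file is supplied by a programmatic Policy. It assumes a JDK in which the AccessController stack inspection is still functional (JDK 8 through 23; JDK 24 disables this machinery) and compiles with deprecation warnings on 17 and later.

```java
import java.security.AccessControlContext;
import java.security.AccessControlException;
import java.security.AccessController;
import java.security.BasicPermission;
import java.security.CodeSource;
import java.security.Permission;
import java.security.Permissions;
import java.security.Policy;
import java.security.PrivilegedAction;
import java.security.ProtectionDomain;
import java.util.Objects;

/** Stand-in for the usederbyinternals permission (assumed shape; Derby's real permission class is not used here). */
final class UseInternalsPermission extends BasicPermission {
    UseInternalsPermission() { super("usederbyinternals"); }
}

/** Stand-in for the engine side: a service registry guarded the way the patch guards Monitor's static methods. */
final class EngineMonitor {
    static final Permission USE_INTERNALS = new UseInternalsPermission();

    /** Gatekeeper in the role of SecurityUtil.checkDerbyInternalsPrivilege(): a stack inspection that
     *  succeeds only if every protection domain between here and the nearest doPrivileged frame holds
     *  usederbyinternals, so an application frame anywhere on that stretch of stack fails the check. */
    static void checkDerbyInternalsPrivilege() {
        AccessController.checkPermission(USE_INTERNALS);
    }

    /** A sensitive public static entry point (hypothetical), guarded on entry as in change (1). */
    public static String findService(String name) {
        checkDerbyInternalsPrivilege();
        return "service:" + name;
    }

    /** Engine-internal call site wrapped in doPrivileged, as in change (2): the inspection stops at this
     *  frame, so the engine's own code base, not the application frames below it, decides the outcome.
     *  Anything reachable through such a wrapper is therefore exposed on the engine's authority. */
    static String lookupForEngine(String name) {
        return AccessController.doPrivileged((PrivilegedAction<String>) () -> findService(name));
    }
}

/** Programmatic policy granting usederbyinternals to the engine's code source only. In a deployment this is
 *  the policy file's grant for derby.jar; here every class comes from one code source, so the application
 *  is simulated with a zero-permission domain instead (see InternalsCheckDemo.APPLICATION). */
final class EngineOnlyPolicy extends Policy {
    private final CodeSource engine = EngineMonitor.class.getProtectionDomain().getCodeSource();

    @Override
    public boolean implies(ProtectionDomain domain, Permission permission) {
        return Objects.equals(domain.getCodeSource(), engine) && EngineMonitor.USE_INTERNALS.implies(permission);
    }
}

public final class InternalsCheckDemo {
    /** Protection domain with no permissions at all, standing in for an application's code base. */
    static final AccessControlContext APPLICATION = new AccessControlContext(
            new ProtectionDomain[] { new ProtectionDomain(null, new Permissions()) });

    /** Runs the action with the application domain intersected into the stack, as if application code had called it. */
    static <T> T asApplication(PrivilegedAction<T> action) {
        return AccessController.doPrivileged(action, APPLICATION);
    }

    public static void main(String[] args) {
        Policy.setPolicy(new EngineOnlyPolicy());

        // (a) Application code calls the guarded method directly: the zero-permission domain is on the
        //     stack, so the check throws and the internals stay out of reach.
        try {
            asApplication(() -> EngineMonitor.findService("lcc"));
            throw new AssertionError("guard missing: application code reached engine internals");
        } catch (AccessControlException denied) {
            System.out.println("application call denied for " + denied.getPermission());
        }

        // (b) The same request routed through an engine-internal, doPrivileged-wrapped caller succeeds,
        //     which is why the patch must add such wrappers wherever the product calls the guarded methods.
        System.out.println("engine call returned " + asApplication(() -> EngineMonitor.lookupForEngine("lcc")));
    }
}
```

Run with `javac InternalsCheckDemo.java && java InternalsCheckDemo`. Case (b) is also the caveat to keep in mind when reviewing the doPrivileged wrappers the comment mentions: a wrapper turns the engine into a deputy for whatever it does, so each one should cover only the narrow internal call it was added for, and the regression test the comment says is still missing is the one that pins case (a) down for every newly guarded method.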
