[
https://issues.apache.org/jira/browse/DERBY-6648?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Rick Hillegas updated DERBY-6648:
---------------------------------
Attachment: derby-6648-03-ab-monitor.diff
Attaching derby-6648-03-ab-monitor.diff. This version of the patch adjusts the
policy files, granting usederbyinternals to the server jar as well. I will run
tests again.
NetworkServerControlImpl needs the usederbyinternals permission because it uses
the Monitor to get the JMX module and register MBeans.
We will need to adjust the release note and the user documentation to flag the
need for this new permission.
Touches the following additional files:
M java/drda/org/apache/derby/drda/server.policy
M java/drda/org/apache/derby/drda/template.policy
M
java/testing/org/apache/derbyTesting/functionTests/tests/lang/SecurityPolicyReloadingTest.modified.policy
M
java/testing/org/apache/derbyTesting/functionTests/tests/lang/SecurityPolicyReloadingTest.unreloadable.policy
M
java/testing/org/apache/derbyTesting/functionTests/tests/lang/resultSetReader.policy
M
java/testing/org/apache/derbyTesting/functionTests/tests/lang/luceneSupport.policy
M
java/testing/org/apache/derbyTesting/functionTests/tests/lang/SecurityPolicyReloadingTest.initial.policy
M
java/testing/org/apache/derbyTesting/functionTests/tests/jdbc4/noAbortPermission.policy
M
java/testing/org/apache/derbyTesting/functionTests/tests/store/Derby3980DeadlockTest.policy
M
java/testing/org/apache/derbyTesting/functionTests/tests/jdbcapi/LDAPTests.policy
M
java/testing/org/apache/derbyTesting/functionTests/tests/engine/noDeregisterPermission.policy
M
java/testing/org/apache/derbyTesting/functionTests/tests/derbynet/NetworkServerControlApiTest.policy
M
java/testing/org/apache/derbyTesting/functionTests/tests/derbynet/ServerPropertiesTest.policy
M
java/testing/org/apache/derbyTesting/functionTests/tests/derbynet/SysinfoTest.policy
M
java/testing/org/apache/derbyTesting/functionTests/tests/derbynet/RuntimeInfoTest.policy
M
java/testing/org/apache/derbyTesting/functionTests/tests/derbynet/GetCurrentPropertiesTest.policy
M
java/testing/org/apache/derbyTesting/functionTests/tests/derbynet/SecureServerTest.policy
M
java/testing/org/apache/derbyTesting/functionTests/util/derby_tests.policy
> Application code should not be able to call ContextService.getContextOrNull()
> -----------------------------------------------------------------------------
>
> Key: DERBY-6648
> URL: https://issues.apache.org/jira/browse/DERBY-6648
> Project: Derby
> Issue Type: Bug
> Components: Services
> Affects Versions: 10.11.1.1
> Reporter: Rick Hillegas
> Assignee: Rick Hillegas
> Attachments: derby-6648-01-aa-oneActionList.diff,
> derby-6648-01-ab-rototill1.diff, derby-6648-01-ad-rototill1.diff,
> derby-6648-01-ae-regressionTests.diff,
> derby-6648-02-aa-packagePrivateTests.diff, derby-6648-03-aa-monitor.diff,
> derby-6648-03-ab-monitor.diff, releaseNote.html
>
>
> By calling ContextService.getContextOrNull() (and its relatives), application
> code can get its hands on all sorts of internal Derby contexts, factories,
> and managers. This allows application code to bypass SQL authorization checks
> and perform sensitive or data-corrupting actions.
> For instance, right now an application can use this method to get its hands
> on the language connection context. From the lcc, the application can get its
> hands on the data dictionary and the execution transaction. Armed with those
> objects, the application can bypass authorization checks and create schema
> objects, users, and permissions.
> Only Derby code should be able to call this powerful method.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
