[ http://issues.apache.org/jira/browse/DERBY-709?page=all ]
Suresh Thalamati updated DERBY-709:
-----------------------------------
Attachment: derby-709.diff
DERBY-709:
-- Removed the requirement for read permission on "user.dir" for backup to
run under security manager. Absolute paths were used only to log into the backup
history file. Changed it to log canonical paths only if they can be obtained;
otherwise only relative paths are written to the backup history file.
-- Added missing privileged blocks to save the service.properties file into
the backup.
-- Added privileged blocks for test util file functions that are called
through SQL functions/procedures.
-- Enabled some of the tests which were not running under security manager
earlier because of this bug to run by default with security manager.
Backup tests that test backup with jar operations still cannot be run under
security manager due to bug DERBY-537.
TESTS : derbyall test suite passed on Windows XP/JDK142
It would be great if someone can review and commit this patch.
svn stat:
M java\engine\org\apache\derby\impl\services\monitor\StorageFactoryService.java
M java\engine\org\apache\derby\impl\store\raw\RawStore.java
M java\engine\org\apache\derby\iapi\reference\MessageId.java
M java\engine\org\apache\derby\loc\messages_en.properties
M java\testing\org\apache\derbyTesting\functionTests\tests\storetests\st_1_app.properties
M java\testing\org\apache\derbyTesting\functionTests\tests\store\OnlineBackupTest1_app.properties
M java\testing\org\apache\derbyTesting\functionTests\tests\store\onlineBackupTest2_app.properties
M java\testing\org\apache\derbyTesting\functionTests\tests\store\rollForwardBackup_app.properties
M java\testing\org\apache\derbyTesting\functionTests\tests\store\RecoveryAfterBackup_app.properties
M java\testing\org\apache\derbyTesting\functionTests\tests\store\BackupPathTests_app.properties
M java\testing\org\apache\derbyTesting\functionTests\tests\store\backupRestore_app.properties
M java\testing\org\apache\derbyTesting\functionTests\tests\store\RecoveryAfterBackupSetup_app.properties
M java\testing\org\apache\derbyTesting\functionTests\tests\store\encryptionKey_app.properties
M java\testing\org\apache\derbyTesting\functionTests\tests\store\backupRestore1_app.properties
M java\testing\org\apache\derbyTesting\functionTests\tests\store\logDevice_app.properties
M java\testing\org\apache\derbyTesting\functionTests\tests\store\OnlineBackupTest3_app.properties
M java\testing\org\apache\derbyTesting\functionTests\tests\store\onlineBackupTest4_app.properties
M java\testing\org\apache\derbyTesting\functionTests\tests\store\rollForwardRecovery_app.properties
M java\testing\org\apache\derbyTesting\functionTests\util\FTFileUtil.java
> SecurityException thrown when passing a relative path name when backing up
> database
> -----------------------------------------------------------------------------------
>
> Key: DERBY-709
> URL: http://issues.apache.org/jira/browse/DERBY-709
> Project: Derby
> Type: Bug
> Components: Store, Security
> Versions: 10.2.0.0, 10.1.1.0, 10.0.2.0
> Reporter: Daniel John Debrunner
> Assignee: Suresh Thalamati
> Priority: Minor
> Attachments: derby-709.diff
>
> CALL SYSCS_UTIL.SYSCS_BACKUP_DATABASE('extinout/bkup1');
> ERROR 38000: The exception 'java.security.AccessControlException: access denied
> (java.util.PropertyPermission user.dir read)' was thrown while evaluating an
> expression)
> Can be seen in the store/encryptionKey.sql test, modify the _app.properties
> file to enable the security manager.
> Due to logging messages using File.getCanonicalPath in RawStore.java, lines
> 675 and 686.
> Possible solutions:
> - use a privileged block and required user.dir permission granted to
> user.dir to backup to a relative directory
> - use a privileged block, if a security exception is thrown then just
> display the relative name, otherwise display the full name. This would allow
> backups to succeed without requiring granting additional permissions to
> derby.jar
> - just log the relative path
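The fallback described in this issue (resolve the canonical path inside a privileged block, and log the relative name if that is refused), as an added sketch that is not taken from derby-709.diff or the Derby source. The class and method names are hypothetical, and it assumes a JVM on which a security manager can still be enabled.

```java
import java.io.File;
import java.io.IOException;
import java.security.AccessController;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;

// Hypothetical helper, not Derby code: picks the path string to write to a log.
public final class BackupPathForLog {

    /**
     * Returns the canonical path when this class's own protection domain may
     * resolve it, otherwise the path exactly as the caller supplied it.
     */
    static String pathForHistory(final File backupDir) {
        try {
            // doPrivileged stops the permission check at this frame, so the
            // permissions of the SQL caller further up the stack are ignored.
            // It grants nothing new: this code source still needs
            // PropertyPermission "user.dir", "read" to resolve a relative path.
            return AccessController.doPrivileged(
                new PrivilegedExceptionAction<String>() {
                    public String run() throws IOException {
                        return backupDir.getCanonicalPath();
                    }
                });
        } catch (PrivilegedActionException pae) {
            // Checked IOException from path resolution: log the name as given.
            return backupDir.getPath();
        } catch (SecurityException se) {
            // Permission not granted to this code source. Only the log entry
            // is less specific; the caller can carry on with the backup.
            return backupDir.getPath();
        }
    }

    public static void main(String[] args) {
        // Constructed sample input: the relative path used in the bug report.
        File dir = new File("extinout/bkup1");
        System.out.println("Backup directory (history file entry): "
                + pathForHistory(dir));
    }
}
```

SecurityException is unchecked, so it propagates out of doPrivileged unwrapped and needs its own catch clause; only checked exceptions arrive wrapped in PrivilegedActionException.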