[jira] Updated: (DERBY-709) SecurityException thrown when passing a relative path name when backing up database

Tue, 28 Feb 2006 14:57:42 -0800 

     [ http://issues.apache.org/jira/browse/DERBY-709?page=all ]

Suresh Thalamati updated DERBY-709:
-----------------------------------

    Attachment: derby-709_latest.diff

This pach (derby-709_latest.diff)  fixes the  problems appreared with earlier 
patch when tests are run againest JARS. 

--- correctly catch the Security Exception  when  there is no permission to get 
a canonical path. 
---  Modified the deryb_tests.plocy to allow deltes in  
${user.dir}${/}extinout${/}-    ., 
      It is needed because , backup tests deletes the old copy of the backup  
at the backup location.
---  set noSecurityManager = true for the tests that can not  be run under 
security manager due to bug : 1066
---  changes st_1   properties to use external  tests dirs ,  so  that  tests 
does not required  "user.dir" permission to create 
     parent  directories for the backup paths. 

TESTS:  storeall, encryptionAll passed.  on Jdk142/WindowsXP;   

It would be great if  some one can review and commit this patch. 

Thanks
-suresht


> SecurityException thrown when passing a relative path name when backing up 
> database
> -----------------------------------------------------------------------------------
>
>          Key: DERBY-709
>          URL: http://issues.apache.org/jira/browse/DERBY-709
>      Project: Derby
>         Type: Bug
>   Components: Store, Security
>     Versions: 10.2.0.0, 10.1.1.0, 10.0.2.0
>     Reporter: Daniel John Debrunner
>     Assignee: Suresh Thalamati
>     Priority: Minor
>  Attachments: derby-709.diff, derby-709_latest.diff
>
> CALL SYSCS_UTIL.SYSCS_BACKUP_DATABASE('extinout/bkup1');
> ERROR 38000: The exception 'java.security.AccessControlException: access 
> denied
> (java.util.PropertyPermission user.dir read)' was thrown while evaluating an 
> exp
> ression)
> Can be seen in the store/encryptionKey.sql test, modify the _app.properties 
> file to enable the security manager.
> Due to logging messages using File.getCanonicalPath in RawStore.java, lines 
> 675 and 686.
> Possible solutions:
>   - use a privileged block and required user.dir permission granted to 
> user.dir to backup to a relative directory
>   - use a privileged block,if a security exception is thrown then just 
> display the relative name, otherwise display the full name. This would allow 
> backups to succeed without requiring granting additional permissions to 
> derby.jar
>   - just log the relative path

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
   http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
   http://www.atlassian.com/software/jira

Reply via email to