[ http://issues.apache.org/jira/browse/DERBY-623?page=comments#action_12369497 ]
Daniel John Debrunner commented on DERBY-623:
---------------------------------------------

The changes to reading system properties are really outside the scope of this bug. I actually think that the original code should be removed, ideally the debug (sane) server should not behave differently to the non-debug (insane) server. There is already a mechanism that works in both sane and insane for adding additional modules, debug or otherwise. That is having an additional modules.properties in the class path.

I believe the code of having system properties set modules should be removed because it can be a security risk, that is enabled by just allowing the derby engine to read system properties. Then malicious code has the possibility to change runtime modules, by setting system properties, such as changing the authentication module to allow any user. That's why the code is not security manager enabled at the moment, though that is not a complete solution, removing the code would be better.

> Derby monitor accesses two system properties without using a privileged block
> when built sane=true
> --------------------------------------------------------------------------------------------------
>
>          Key: DERBY-623
>          URL: http://issues.apache.org/jira/browse/DERBY-623
>      Project: Derby
>         Type: Bug
>   Components: Services
>     Versions: 10.2.0.0
>     Reporter: Daniel John Debrunner
>     Assignee: Kristian Waagan
>     Priority: Minor
>  Attachments: DERBY-623-1a.diff, DERBY-623-1a.stat,
>               DERBY-623-2b-javadoc.diff, DERBY-623-2b-javadoc.stat
>
> When built with sane=true and testing with the jars these permissions are
> required to be granted all the way up the stack, currently this means for the
> tests granting them to the network server jar.
>
> permission java.util.PropertyPermission "derby.monitor.verbose", "read";
> permission java.util.PropertyPermission "derby.debug.*", "read";
>
> The engine contains code to read system properties using privileged blocks,
> this should be used by the monitor.
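
The description's suggestion, reading the monitor's properties inside a privileged block so that only the engine's code base needs the PropertyPermission grants, sketched as an added example; it is not Derby's code or part of the original message. The class name, the `derby.` prefix check and the choice to treat a denied read as unset are assumptions, and it does not address the comment's concern about properties selecting modules.

```java
import java.security.AccessController;
import java.security.PrivilegedAction;

// Added example, not Derby source; the class and method names are hypothetical.
// Policy then needs the grants only for this class's code base, e.g.
//   grant codeBase "<engine jar URL placeholder>" {
//     permission java.util.PropertyPermission "derby.monitor.verbose", "read";
//     permission java.util.PropertyPermission "derby.debug.*", "read";
//   };
// AccessController is deprecated since Java 17; it is used here because the
// issue concerns the security manager model.
public final class PrivilegedPropertyReader {

    // Refuse keys outside this prefix so less-trusted callers cannot use the
    // helper to read arbitrary properties with this code base's permissions.
    private static final String ALLOWED_PREFIX = "derby.";

    private PrivilegedPropertyReader() {}

    // The permission check stops at this frame, so callers further up the stack
    // (such as a network server jar) need no PropertyPermission of their own.
    public static String getSystemProperty(final String key) {
        if (key == null || !key.startsWith(ALLOWED_PREFIX)) {
            throw new IllegalArgumentException("not a derby.* property: " + key);
        }
        try {
            return AccessController.doPrivileged(new PrivilegedAction<String>() {
                public String run() {
                    return System.getProperty(key);
                }
            });
        } catch (SecurityException se) {
            // This code base was not granted the read: treat as unset (a design choice).
            return null;
        }
    }

    public static boolean getBoolean(String key) {
        return Boolean.parseBoolean(getSystemProperty(key));
    }

    public static void main(String[] args) {
        System.setProperty("derby.monitor.verbose", "true"); // constructed sample value
        System.out.println(getBoolean("derby.monitor.verbose"));
        System.out.println(getSystemProperty("derby.debug.unset"));
        try { getSystemProperty("user.home"); }
        catch (IllegalArgumentException e) { System.out.println("rejected: " + e.getMessage()); }
    }
}
```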
