[ http://issues.apache.org/jira/browse/DERBY-622?page=all ]
Myrna van Lunteren updated DERBY-622:
-------------------------------------
Attachment: DERBY-622_step1.diff
M java\tools\org\apache\derby\impl\tools\sysinfo\Main.java
This patch - DERBY-622_step1.diff - adds privileged blocks around the
getResourceAsStream sections in use.
This is a first step, it didn't have the result I expected. Maybe someone can
review and see if I did something really dumb....
> sysinfo incorrectly requires permission on Derby jar files
> ----------------------------------------------------------
>
> Key: DERBY-622
> URL: http://issues.apache.org/jira/browse/DERBY-622
> Project: Derby
> Type: Bug
> Components: Security, Tools
> Versions: 10.2.0.0
> Reporter: Daniel John Debrunner
> Priority: Minor
> Fix For: 10.2.0.0
> Attachments: DERBY-622_step1.diff
>
> Running the test derbynet/sysinfo.java requires this permission in
> derby_tests.policy, in order to read the jar files.
> permission java.io.FilePermission "${csinfo.codedir}${/}*", "read"
> But according to the Java security specs:
> 'Note: code can always read a file from the same directory it's in (or a
> subdirectory of that directory); it does not need explicit permission to do
> so.'
> Probably means a privileged block is required when accessing the contents of
> the jar files in sysinfo
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
http://www.atlassian.com/software/jira
