[jira] Updated: (DERBY-3086) The server policy needs to grant derbynet.jar more permissions so that sysinfo and drda tracing will work

Rick Hillegas (JIRA) Mon, 05 Nov 2007 15:55:10 -0800

     [ 
https://issues.apache.org/jira/browse/DERBY-3086?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Rick Hillegas updated DERBY-3086:
---------------------------------

    Attachment: derby-3086-01-morePermissions-aa.diff

Attaching derby-3086-04-morePermissions-aa.diff. This adds more permissions to 
server.policy and template.policy to facilitate server tracing and sysinfo when 
a security manager is installed.

One thing that puzzles me is the fact that sysinfo lives in 3 jar files: 
derbytools.jar, derby.jar, and derbynet.jar. That means that identical 
permissions have to be granted to all three code domains--because you don't 
know what order the jars will appear in the classpath. Is this duplication 
really necessary? Is it a bug that sysinfo lives in 3 jars instead of just one?

This patch touches the following files. Tests must be added later:

M      java/tools/org/apache/derby/impl/tools/sysinfo/Main.java

Adds privileged blocks around system calls.

M      java/drda/org/apache/derby/drda/NetworkServerControl.java

Sets derby.drda.traceDirectory if it isn't already set. This allows us to 
parameterize the corresponding permission grant.

M      java/drda/org/apache/derby/drda/server.policy
M      java/drda/org/apache/derby/drda/template.policy

Additional permission grants.



> The server policy needs to grant derbynet.jar more permissions so that 
> sysinfo and drda tracing will work
> ---------------------------------------------------------------------------------------------------------
>
>                 Key: DERBY-3086
>                 URL: https://issues.apache.org/jira/browse/DERBY-3086
>             Project: Derby
>          Issue Type: Bug
>          Components: Security
>    Affects Versions: 10.3.1.4
>            Reporter: Rick Hillegas
>            Assignee: Rick Hillegas
>         Attachments: derby-3086-01-morePermissions-aa.diff
>
>
> More permissions need to be granted to derbynet.jar in the server.policy 
> file. David van Couvering reports that if you bring up the server and run the 
> following command:
> java -jar derbyrun.jar server sysinfo
> then you get security exceptions as the sysinfo code, running inside the 
> network jarball tries to read user.dir, user.home, user.name, java.home, and 
> java.class.path.
> Kathey Marsden reports that  if you try to run the network server with drda 
> tracing turned on, then you get security exceptions when the server tries to 
> open the trace log file.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Updated: (DERBY-3086) The server policy needs to grant derbynet.jar more permissions so that sysinfo and drda tracing will work

Reply via email to