[
https://issues.apache.org/jira/browse/DERBY-3086?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12540307
]
Kathey Marsden commented on DERBY-3086:
---------------------------------------
Thanks Rick for looking at this issue. I think requiring write access to this
property is going to introduce an incompatible change.
+ if ( PropertyUtil.getSystemProperty( Property.DRDA_PROP_TRACEDIRECTORY
) == null )
+ { System.setProperty( Property.DRDA_PROP_TRACEDIRECTORY,
PropertyUtil.getSystemProperty( Property.SYSTEM_HOME_PROPERTY ) ); }
+
The reason sysinfo is in all the jars I believe is so that if you have any of
the jars in your classpath, you will get valid sysinfo output. For example a
client configuration would require only derbyclient.jar so would need access to
sysinfo through that jar.
> The server policy needs to grant derbynet.jar more permissions so that
> sysinfo and drda tracing will work
> ---------------------------------------------------------------------------------------------------------
>
> Key: DERBY-3086
> URL: https://issues.apache.org/jira/browse/DERBY-3086
> Project: Derby
> Issue Type: Bug
> Components: Security
> Affects Versions: 10.3.1.4
> Reporter: Rick Hillegas
> Assignee: Rick Hillegas
> Attachments: derby-3086-01-morePermissions-aa.diff
>
>
> More permissions need to be granted to derbynet.jar in the server.policy
> file. David van Couvering reports that if you bring up the server and run the
> following command:
> java -jar derbyrun.jar server sysinfo
> then you get security exceptions as the sysinfo code, running inside the
> network jarball tries to read user.dir, user.home, user.name, java.home, and
> java.class.path.
> Kathey Marsden reports that if you try to run the network server with drda
> tracing turned on, then you get security exceptions when the server tries to
> open the trace log file.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
