Hi, could you create a jira issue for tracking this and if so maybe attach a reproducible scenario?
Thanks. regards, Karl On Wed, Nov 2, 2011 at 3:19 PM, Michael Grammling <[email protected]> wrote: > Hi there, > > it seems that there is a security problem in the "Framework Security" module > of Felix. > I have full access to the bundle cache directory from each bundle. > > Expectation: I should only get full access to the data storage of the bundle > itself. > Actually I was able to create files from Bundle 25 inside the data storage > of Bundle 0. > I even could delete the whole directory of Bundle 0. > > I checked the same with Knopflerfish which does this check correctly. > > Do I have to set more configuration parameters? > The OSGi specification defines that the framework should grant access to the > bundle's data storage. > > Best regards, > Michael > > -- Karl Pauls [email protected] http://twitter.com/karlpauls http://www.linkedin.com/in/karlpauls https://profiles.google.com/karlpauls
