After looking at it for a bit, I agree, it seems there is a bug somewhere. I'll investigate (again, feel free to create a JIRA issue).
regards, Karl On Wed, Nov 2, 2011 at 4:32 PM, Karl Pauls <[email protected]> wrote: > Hi, > > could you create a jira issue for tracking this and if so maybe attach > a reproducible scenario? > > Thanks. > > regards, > > Karl > > On Wed, Nov 2, 2011 at 3:19 PM, Michael Grammling > <[email protected]> wrote: >> Hi there, >> >> it seems that there is a security problem in the "Framework Security" module >> of Felix. >> I have full access to the bundle cache directory from each bundle. >> >> Expectation: I should only get full access to the data storage of the bundle >> itself. >> Actually I was able to create files from Bundle 25 inside the data storage >> of Bundle 0. >> I even could delete the whole directory of Bundle 0. >> >> I checked the same with Knopflerfish which does this check correctly. >> >> Do I have to set more configuration parameters? >> The OSGi specification defines that the framework should grant access to the >> bundle's data storage. >> >> Best regards, >> Michael >> >> > > > > -- > Karl Pauls > [email protected] > http://twitter.com/karlpauls > http://www.linkedin.com/in/karlpauls > https://profiles.google.com/karlpauls > -- Karl Pauls [email protected] http://twitter.com/karlpauls http://www.linkedin.com/in/karlpauls https://profiles.google.com/karlpauls
