Rats, you are correct. I'll commit a patch right now. Could you build the security provider from trunk and see whether it works for you now (it does for me)?
regards, Karl On Wed, Nov 2, 2011 at 11:12 PM, Karl Pauls <[email protected]> wrote: > After looking at it for a bit, I agree, it seems there is a bug > somewhere. I'll investigate (again, feel free to create a JIRA issue). > > regards, > > Karl > > On Wed, Nov 2, 2011 at 4:32 PM, Karl Pauls <[email protected]> wrote: >> Hi, >> >> could you create a jira issue for tracking this and if so maybe attach >> a reproducible scenario? >> >> Thanks. >> >> regards, >> >> Karl >> >> On Wed, Nov 2, 2011 at 3:19 PM, Michael Grammling >> <[email protected]> wrote: >>> Hi there, >>> >>> it seems that there is a security problem in the "Framework Security" module >>> of Felix. >>> I have full access to the bundle cache directory from each bundle. >>> >>> Expectation: I should only get full access to the data storage of the bundle >>> itself. >>> Actually I was able to create files from Bundle 25 inside the data storage >>> of Bundle 0. >>> I even could delete the whole directory of Bundle 0. >>> >>> I checked the same with Knopflerfish which does this check correctly. >>> >>> Do I have to set more configuration parameters? >>> The OSGi specification defines that the framework should grant access to the >>> bundle's data storage. >>> >>> Best regards, >>> Michael >>> >>> >> >> >> >> -- >> Karl Pauls >> [email protected] >> http://twitter.com/karlpauls >> http://www.linkedin.com/in/karlpauls >> https://profiles.google.com/karlpauls >> > > > > -- > Karl Pauls > [email protected] > http://twitter.com/karlpauls > http://www.linkedin.com/in/karlpauls > https://profiles.google.com/karlpauls > -- Karl Pauls [email protected] http://twitter.com/karlpauls http://www.linkedin.com/in/karlpauls https://profiles.google.com/karlpauls
