[jira] [Resolved] (FELIX-4652) Security problem with AbstractWebConsolePlugin.spoolResource

Valentin Valchev (JIRA) Thu, 25 Sep 2014 01:16:08 -0700

     [ 
https://issues.apache.org/jira/browse/FELIX-4652?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Valentin Valchev resolved FELIX-4652.
-------------------------------------
    Resolution: Fixed

Fixed in SVN rev.1627478

> Security problem with AbstractWebConsolePlugin.spoolResource
> ------------------------------------------------------------
>
>                 Key: FELIX-4652
>                 URL: https://issues.apache.org/jira/browse/FELIX-4652
>             Project: Felix
>          Issue Type: Bug
>          Components: Web Console
>    Affects Versions: webconsole-4.2.2
>            Reporter: Valentin Valchev
>            Assignee: Valentin Valchev
>             Fix For: webconsole-4.2.4
>
>
> In AbstractWebConsolePlugin.spoolResource() reflection is used to find the 
> method that will actually provide the resource. However, using reflection 
> will require that the web console plugin to have the following permissions:
> (java.lang.RuntimePermission "getClassLoader")
> (java.lang.RuntimePermission "accessDeclaredMembers")
> (java.lang.reflect.ReflectPermission "suppressAccessChecks")
> This is due to some internals of the AbstractWebConsole, which actually 
> should be run in a privileged block.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Resolved] (FELIX-4652) Security problem with AbstractWebConsolePlugin.spoolResource

Reply via email to