Christoph Nölle created FELIX-5919:
--------------------------------------

             Summary: [Configurator] check for ConfigurationPermission instead of ServicePermission
                 Key: FELIX-5919
                 URL: https://issues.apache.org/jira/browse/FELIX-5919
             Project: Felix
          Issue Type: Bug
          Components: Configurator
    Affects Versions: configurator-1.0.4
            Reporter: Christoph Nölle


The configurator service creates configurations from bundle resources, and the 
resulting configurations are all assigned the location "?", which implies that 
they can be accessed by all bundles which have the appropriate 
ConfigurationPermission with name "?" and action "target". According to the 
ConfigAdmin spec a bundle wishing to create such a config needs 
ConfigurationPermission("?", "configure"). With Configurator, however, this is 
not required, instead it checks for a get-ServicePermission for ConfigAdmin. 
Hence, it can be used to circumvent the ConfigurationAdmin permission check. 

This bug has also made it into the OSGi compendium spec 
(https://osgi.org/specification/osgi.cmpn/7.0.0/service.configurator.html), 
where it is stated in 150.3.2: 
"The Configurator obtains all configurations with the location value of ? to 
allow the configurations to be received by multiple bundles."
and in 150.8.1:
"Every bundle has the implicit right to receive and configure configurations 
with a location that exactly matches the Bundle's location or that is null. 
Therefore the extendee does not need to special permissions."

The latter statement does not make sense, because "?" is not a bundle location 
and is not null (see 104.4.1 and 104.4.2 in the ConfigAdmin spec for an 
explanation of "?" and null locations: 
https://osgi.org/specification/osgi.cmpn/7.0.0/service.cm.html#service.cm-location.binding).
  
Furthermore, the Configurator spec insists that Configurator checks the 
ServicePermission for the bundle, which can be argued makes some sense, because 
the usual way for a bundle to create these configs would be via retrieval of 
the config admin service. On the other hand, this seems to be more an 
implementation detail. Checking the appropriate config permission should be 
sufficient.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
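
The gap between the two checks described in the report can be audited on a running framework. The following is an added example, not code from Felix Configurator or from the reporter: the class and method names are hypothetical, it compiles against the OSGi core and compendium APIs, and it assumes the framework runs with security enabled (without it, Bundle.hasPermission returns true for every permission and the list is always empty).

```java
import java.util.ArrayList;
import java.util.List;

import org.osgi.framework.Bundle;
import org.osgi.framework.BundleContext;
import org.osgi.framework.ServicePermission;
import org.osgi.service.cm.ConfigurationAdmin;
import org.osgi.service.cm.ConfigurationPermission;

/** Hypothetical audit helper; not part of Felix Configurator. */
public final class ConfiguratorPermissionAudit {

    // Location that Configurator assigns to the configurations it creates,
    // as stated in the report.
    private static final String MULTI_LOCATION = "?";

    private ConfiguratorPermissionAudit() {
    }

    /** The check the report says Configurator performs today. */
    static boolean passesServiceCheck(Bundle bundle) {
        return bundle.hasPermission(new ServicePermission(
                ConfigurationAdmin.class.getName(), ServicePermission.GET));
    }

    /** The check the ConfigAdmin spec requires for creating a "?" config. */
    static boolean passesConfigureCheck(Bundle bundle) {
        return bundle.hasPermission(new ConfigurationPermission(
                MULTI_LOCATION, ConfigurationPermission.CONFIGURE));
    }

    /** Bundles that pass the service check but lack the configure permission. */
    public static List<Bundle> bundlesInGap(BundleContext context) {
        List<Bundle> gap = new ArrayList<>();
        for (Bundle bundle : context.getBundles()) {
            // hasPermission throws IllegalStateException on uninstalled bundles.
            if (bundle.getState() == Bundle.UNINSTALLED) {
                continue;
            }
            if (passesServiceCheck(bundle) && !passesConfigureCheck(bundle)) {
                gap.add(bundle);
            }
        }
        return gap;
    }
}
```

Any bundle returned by bundlesInGap is one for which the two checks disagree, so tightening the check to ConfigurationPermission would change what that bundle is allowed to do.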