I never quite understood why that permission was needed for Package
Admin resolveBundles() and, so, don't understand why it's a security
hole to have a bundle resolved when its start(), findEntries(), etc.,
methods are called.
Regards,
Alan
On Sep 3, 2008, at 2:20 PM, Thomas Watson wrote:
According to the specification this is incorrect behavior. But I
think the specification needs to be clarified. There seems to be a
security hole to allow Bundle.start() to resolve a bundle when the
caller does not have permission to resolve a bundle.
Tom
<graycol.gif>Costin Leau ---08/29/2008 07:57:42 AM---Hi,
<ecblank.gif>
From: <ecblank.gif>
Costin Leau <[EMAIL PROTECTED]>
<ecblank.gif>
To: <ecblank.gif>
OSGi Developer Mail List <[email protected]>
<ecblank.gif>
Date: <ecblank.gif>
08/29/2008 07:57 AM
<ecblank.gif>
Subject: <ecblank.gif>
[osgi-dev] bundle.start and PackageAdmin permission
Hi,
With Equinox 3.2.2, in order to start a bundle with a security manager
on, the starting entity needs to have AdminPermission[System
Bundle,RESOLVE] (i.e. the permission to use the PackageAdmin) in
addition the the AdminPermission[bundle,EXECUTE]
Is this expected or not? By looking at the code path, starting a
bundle
causes a check on the package admin on whether the bundle has been
resolved or not which, in effect, triggers the permission check for
the
RESOLVE permission.
The spec however, indicates that to start a bundle, only
AdminPermission[bundle,EXECUTE] is needed and makes no mention on
RESOLVE.
Thanks,
--
Costin
_______________________________________________
OSGi Developer Mail List
[email protected]
https://mail.osgi.org/mailman/listinfo/osgi-dev
_______________________________________________
OSGi Developer Mail List
[email protected]
https://mail.osgi.org/mailman/listinfo/osgi-dev
_______________________________________________
OSGi Developer Mail List
[email protected]
https://mail.osgi.org/mailman/listinfo/osgi-dev
