[DERBY-4292] creation of FileInputStream in org.apache.derby.impl.tools.ij.Main not wrapped in privilege block which can cause problems running under SecurityManager - ASF JIRA

XML

Word

Printable

JSON

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: 10.1.3.1, 10.2.2.0, 10.3.2.1, 10.4.2.0, 10.5.1.1, 10.6.1.0
Fix Version/s: 10.5.3.0, 10.6.1.0
Component/s: Tools
Labels:
None

org.apache.derby.impl.tools.ij.Main has this code where the call to FileInputStream is not wrapped in a privilege block:

try {
in1 = new FileInputStream(file);
if (in1 != null)

{ in1 = new BufferedInputStream(in1, utilMain.BUFFEREDFILESIZE); in = langUtil.getNewInput(in1); }

} catch (FileNotFoundException e) {
if (Boolean.getBoolean("ij.searchClassPath"))

{ in = langUtil.getNewInput(util.getResourceAsStream(file)); }

This can cause issues when running under SecurityManager