[DERBY-6632] Applications may be able to use StorageFactoryService to delete Derby databases and overwrite service.properties. - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: 10.11.1.1
Fix Version/s: 10.12.1.1
Component/s: Services
Labels:
- derby_backport_reject_10_11

Urgency:
Normal
Bug behavior facts:

Data corruption, Security

Description

Various powerful methods in StorageFactoryService are public. I have not verified the following with an experiment, but it appears to me that these methods give any code running in the JVM the ability to elevate privileges to those granted to Derby and do the following:

1) Delete Derby databases via the following methods:

org.apache.derby.impl.services.monitor.StorageFactoryService createServiceRoot()
org.apache.derby.impl.services.monitor.StorageFactoryService getServiceProperties()
org.apache.derby.impl.services.monitor.StorageFactoryService getStorageFactoryInstance()
org.apache.derby.impl.services.monitor.StorageFactoryService removeServiceRoot()

2) Overwrite service.properties via overloads of the following method:

org.apache.derby.impl.services.monitor.StorageFactoryService createServiceRoot()

Attachments

Issue Links

relates to

DERBY-6648 Application code should not be able to call ContextService.getContextOrNull()

Closed

Activity

People

Assignee:: Unassigned

Reporter:: Richard N. Hillegas

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 20/Jun/14 19:31

Updated:: 01/Oct/14 17:45

Resolved:: 29/Sep/14 15:51