Uploaded image for project: 'Derby'
  1. Derby
  2. DERBY-1487

Use of getCanonicalPath() in sysinfo causes a SecurityException

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Open
    • Minor
    • Resolution: Unresolved
    • 10.1.3.1, 10.2.1.6
    • None
    • Tools
    • Windows XP. I could not reproduce the issue on Mac OS X.
    • Normal
    • Repro attached

    Description

      From DERBY-1272:

      Here's the full stack for the SecurityException found by the errorStream test with the -v4 patch applied:

      Test errorStream failed: access denied (java.io.FilePermission C:\derby-trunk\classes read)
      at java.security.AccessController.checkPermission(AccessController.java:401)
      at java.lang.SecurityManager.checkPermission(SecurityManager.java:524)
      at java.lang.SecurityManager.checkRead(SecurityManager.java:863)
      at java.io.File.exists(File.java:678)
      at java.io.Win32FileSystem.canonicalize(Win32FileSystem.java:360)
      at java.io.File.getCanonicalPath(File.java:513)
      at org.apache.derby.impl.tools.sysinfo.Main.formatURL(Main.java:1206)
      at org.apache.derby.impl.tools.sysinfo.Main.loadZipFromResource(Main.java:831)
      at org.apache.derby.impl.tools.sysinfo.Main.getAllInfo(Main.java:735)
      at org.apache.derby.impl.tools.sysinfo.Main.reportDerby(Main.java:212)
      at org.apache.derby.impl.tools.sysinfo.Main.getMainInfo(Main.java:119)
      at org.apache.derby.tools.sysinfo.getInfo(sysinfo.java:200)
      at org.apache.derby.impl.services.monitor.BaseMonitor.dumpTempWriter(BaseMonitor.java:1949)
      at org.apache.derby.impl.services.monitor.BaseMonitor.runWithState(BaseMonitor.java:383)
      at org.apache.derby.impl.services.monitor.FileMonitor.<init>(FileMonitor.java:59)
      at org.apache.derby.iapi.services.monitor.Monitor.startMonitor(Monitor.java:288)
      at org.apache.derby.iapi.jdbc.JDBCBoot.boot(JDBCBoot.java:68)
      at org.apache.derby.jdbc.EmbeddedDriver.boot(EmbeddedDriver.java:178)

      The problem would appear that we explicitly need java.io.FilePermission read on the classes directory, even though this directory contains the classes we are currently running against. This may be a problem with java.io.File.getCanonicalPath(), but it may also be a problem with sysinfo.

      org.apache.derby.impl.tools.sysinfo.Main.formatURL(Main.java:1206) is:

      result = new File(filename).getCanonicalPath().replace('/', File.separatorChar);

      The Sun Windows JVM may throw a SecurityException by default in the most restricted environments. From the javadoc for File.getCanonicalPath():

      "If a required system property value cannot be accessed, or if a security manager exists and its SecurityManager.checkRead(java.io.FileDescriptor) method denies read access to the file"

      Some investigation is required to determine whether or not this is a Windows-specific issue or if it is reproducible on other platforms. It has already been found to not be reproducible on Mac OS X. I'm curious why this exception is not thrown when running sysinfo standalone with a security manager without a policy file, since presumably this permission would not have been granted to sysinfo and the same code path should be used in both cases.

      Attachments

        1. DERBY-1487_repro.diff
          23 kB
          Myrna van Lunteren

        Issue Links

          is related to

          Improvement - An improvement or enhancement to an existing feature or task. DERBY-1272 Change sysinfo to print to error log (derby.log) on boot of derby if derby.stream.error.logSeverityLevel=0

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Closed

          Activity

            People

              Unassigned Unassigned
              fuzzylogic Samuel Andrew McIntyre
              Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

                Created:
                Updated: