Uploaded image for project: 'Derby'
  1. Derby
  2. DERBY-3614

Granted SystemPermissions are ignored when granted later with same target and different action

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Open
    • Minor
    • Resolution: Unresolved
    • 10.4.1.3
    • None
    • Miscellaneous
    • Security Manager installed, custom policy file
    • Normal
    • Security

    Description

      org.apache.derby.security.SystemPermission represents access to system-wide Derby privileges, such as privileges relating to JMX management and monitoring. A system permission is identified by a name (aka. "target") and optionally an action associated with that name. SystemPermission extends java.security.BasicPermission. See also DERBY-3491.

      If a SystemPermission is granted for the same target (name) more than once in a set of policy files loaded by the security manager, the last entry seems to overwrite any previous entries, potentially causing SecurityExceptions. Details follow.

      The currently accepted targets are: engine, server, jmx
      The currently accepted actions are: monitor, control, shutdown

      If a policy file specifies e.g.

      grant

      { permission org.apache.derby.security.SystemPermission "server", "monitor"; permission org.apache.derby.security.SystemPermission "server", "control"; }

      then the first ("server", "monitor") permission is ignored when the permission checks are actually performed by the security manager.

      No documentation currently specifies the behavior of SystemPermission in such cases. It seems that the most common and least error-prone way of handling this is to accept each permission grant entry unless there is a conflict between the entries (in which case the result should be well defined and documented).

      Current behavior seems unintuitive and is contrary to the behavior of similar permissions available in the Java platform, e.g. java.util.PropertyPermission which also extends java.security.BasicPermission. For example, the following grants both "read" and "write" permissions to all Principals and codebases:

      grant

      { permission java.util.PropertyPermission "my.sysprop", "write"; permission java.util.PropertyPermission "my.sysprop", "read"; }

      A workaround is to make sure that the same permission/target is not specified more than once within a set of policy files. If more than one action needs to be granted for the same target, the following syntax will work:

      grant

      { permission org.apache.derby.security.SystemPermission "server", "monitor,control"; }

      Attachments

        Issue Links

          relates to

          Sub-task - The sub-task of the issue DERBY-3462 Require new permissions in o.a.d.security.SystemPermission to allow control to Derby's JMX management and to ensure information is not leaked through JMX

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Closed

          Improvement - An improvement or enhancement to an existing feature or task. DERBY-2109 System privileges

          • Major - Major loss of function.
          • Open

          Improvement - An improvement or enhancement to an existing feature or task. DERBY-3491 Change SystemPermission to be a two arguement permission with a name (object the permission is on) and an action.

          • Major - Major loss of function.
          • Closed

          Activity

            People

              Unassigned Unassigned
              johnemb John Embretsen
              Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

                Created:
                Updated: