[DERBY-5571] IndexStatisticsDaemonImpl.schedule should wrap Thread.setDaemon() in a privilege block - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Won't Fix
Affects Version/s: 10.8.2.2
Fix Version/s: None
Component/s: Services
Labels:
- derby_triage10_10

Urgency:
Low
Bug behavior facts:

Security

Description

IndexStatisticsDaemonImple.schedule() has the following code. setDaemon can throw a SecurityException so should be wrapped. It says: SecurityException - if the current thread cannot modify this thread.

Does this mean that our documentation should require modifyThreadGroup privs too?
Currently it is in our test policy but not the documentation:
// These permissions are needed by AssertFailure to dump the thread stack
// traces upon failure.
//permission java.lang.RuntimePermission "getStackTrace";
permission java.lang.RuntimePermission "modifyThreadGroup";

// If we're idle, fire off the worker thread.
if (runningThread == null) {
runningThread = new Thread(this, "index-stat-thread");
// Make the thread a daemon thread, we don't want it to stop
// the JVM from exiting. This is a precaution.
runningThread.setDaemon(true);

Marking as a regression as a security violation could make existing statements fail.

Attachments

Issue Links

relates to

DERBY-6352 Access denied ("java.lang.RuntimePermission" "modifyThread") highly intermittent, but e.g. in store.RecoveryAfterBackup test

Closed

Activity

People

Assignee:: Unassigned

Reporter:: Katherine Marsden

Votes:: 0 Vote for this issue

Watchers:: 0 Start watching this issue

Dates

Created:: 17/Jan/12 19:30

Updated:: 21/Jan/15 00:23

Resolved:: 29/Apr/14 19:38