Details
-
Bug
-
Status: Closed
-
Major
-
Resolution: Won't Fix
-
10.8.2.2
-
None
-
Low
-
Security
Description
IndexStatisticsDaemonImple.schedule() has the following code. setDaemon can throw a SecurityException so should be wrapped. It says: SecurityException - if the current thread cannot modify this thread.
Does this mean that our documentation should require modifyThreadGroup privs too?
Currently it is in our test policy but not the documentation:
// These permissions are needed by AssertFailure to dump the thread stack
// traces upon failure.
//permission java.lang.RuntimePermission "getStackTrace";
permission java.lang.RuntimePermission "modifyThreadGroup";
// If we're idle, fire off the worker thread.
if (runningThread == null) {
runningThread = new Thread(this, "index-stat-thread");
// Make the thread a daemon thread, we don't want it to stop
// the JVM from exiting. This is a precaution.
runningThread.setDaemon(true);
Marking as a regression as a security violation could make existing statements fail.
Attachments
Issue Links
- relates to
-
DERBY-6352 Access denied ("java.lang.RuntimePermission" "modifyThread") highly intermittent, but e.g. in store.RecoveryAfterBackup test
- Closed