Uploaded image for project: 'Derby'
  1. Derby
  2. DERBY-6521

Improve error handling when restricting file permissions

Agile BoardAttach filesAttach ScreenshotVotersWatch issueWatchersCreate sub-taskLinkCloneUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments
    XMLWordPrintableJSON

Details

    • Improvement
    • Status: Closed
    • Major
    • Resolution: Fixed
    • 10.11.1.1
    • 10.11.1.1
    • Services
    • None

    Description

      In DERBY-6503 there was some discussion about changing how errors are handled when Derby fails to restrict the file permissions.

      There seemed to be consensus that Derby should raise an exception if the user had explicitly requested (by setting derby.storage.useDefaultFilePermissions=false) that it should try to restrict file permissions. Currently, it only raises an error on non-posix file systems that support access control lists.

      In the case were the user has not explicitly requested restriction of file permissions, two options have been suggested:

      1) Raise an exception

      2) Don't raise an exception, possibly print a warning in derby.log

      Option 1 is the more secure one, since it forces the user to make a decision on how to handle a possible security problem (either by addressing the underlying cause of the failure, so that permissions can be successfully restricted by Derby, or by disabling the file restriction functionality).

      Option 2 is the more backward compatible one, since it gracefully falls back to the pre-10.10/pre-Java 7 behaviour if it cannot restrict the file permissions.

      Attachments

        1. d6521-1a.diff
          8 kB
          Knut Anders Hatlen
        2. d6521-1b.diff
          10 kB
          Knut Anders Hatlen

        Issue Links

        Activity

          This comment will be Viewable by All Users Viewable by All Users
          Cancel

          People

            knutanders Knut Anders Hatlen
            knutanders Knut Anders Hatlen
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Slack

                Issue deployment