Uploaded image for project: 'Derby'
  1. Derby
  2. DERBY-6617

Silently swallowed SecurityExceptions may disable Derby features, including security features.

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 10.11.1.1
    • Fix Version/s: 10.11.1.3, 10.12.1.1
    • Component/s: Services
    • Labels:
      None
    • Urgency:
      Normal
    • Bug behavior facts:
      Security

      Description

      When the Monitor tries to read Derby properties, it silently swallows SecurityExceptions. This means that the properties will be silently ignored if Derby has not been granted sufficient privileges. This means that if you make a mistake crafting your security policy, then you may disable authentication and authorization. You may not realize this until you have incurred a security breach. This swallowing occurs at the following code locations:

      org.apache.derby.impl.services.monitor.BaseMonitor readApplicationProperties Catch java.lang.SecurityException 1 line 1360
      org.apache.derby.impl.services.monitor.BaseMonitor runWithState Catch java.lang.SecurityException 0 line 280
      org.apache.derby.impl.services.monitor.FileMonitor PBgetJVMProperty Catch java.lang.SecurityException 1 line 183
      org.apache.derby.impl.services.monitor.FileMonitor PBinitialize Catch java.lang.SecurityException 1 line 120
      

      SecurityExceptions are swallowed at other locations in the Monitor. The implications of these swallowings should be understood and, at a minimum, security problems should be fixed:

      org.apache.derby.impl.services.monitor.FileMonitor PBinitialize Catch java.lang.SecurityException 1 line 157
      org.apache.derby.impl.services.monitor.FileMonitor createDaemonGroup Catch java.lang.SecurityException 1 line 89
      

        Attachments

        1. ibm.diff
          3 kB
          Knut Anders Hatlen
        2. fix-test.diff
          8 kB
          Knut Anders Hatlen
        3. exit-subprocess.diff
          9 kB
          Knut Anders Hatlen
        4. derby-6617-junit.diff
          17 kB
          Dag H. Wanvik
        5. derby-6617-3b.status
          2 kB
          Dag H. Wanvik
        6. derby-6617-3b.diff
          17 kB
          Dag H. Wanvik
        7. derby-6617-3.status
          1 kB
          Dag H. Wanvik
        8. derby-6617-3.diff
          11 kB
          Dag H. Wanvik
        9. derby-6617-2.status
          2 kB
          Dag H. Wanvik
        10. derby-6617-2.diff
          38 kB
          Dag H. Wanvik
        11. derby-6617-1.diff
          22 kB
          Dag H. Wanvik
        12. derby-6617-04-aa-platformSpecificErrorText.diff
          3 kB
          Richard N. Hillegas

          Issue Links

            Activity

              People

              • Assignee:
                dagw Dag H. Wanvik
                Reporter:
                rhillegas Richard N. Hillegas
              • Votes:
                0 Vote for this issue
                Watchers:
                6 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: