Derby / DERBY-6617

Silently swallowed SecurityExceptions may disable Derby features, including security features.


Details

    • Bug
    • Status: Closed
    • Major
    • Resolution: Fixed
    • 10.11.1.1
    • 10.11.1.3, 10.12.1.1
    • Services
    • None
    • Normal
    • Security

    Description

      When the Monitor tries to read Derby properties, it silently swallows SecurityExceptions. This means that the properties will be silently ignored if Derby has not been granted sufficient privileges. This means that if you make a mistake crafting your security policy, then you may disable authentication and authorization. You may not realize this until you have incurred a security breach. This swallowing occurs at the following code locations:

      org.apache.derby.impl.services.monitor.BaseMonitor readApplicationProperties Catch java.lang.SecurityException 1 line 1360
      org.apache.derby.impl.services.monitor.BaseMonitor runWithState Catch java.lang.SecurityException 0 line 280
      org.apache.derby.impl.services.monitor.FileMonitor PBgetJVMProperty Catch java.lang.SecurityException 1 line 183
      org.apache.derby.impl.services.monitor.FileMonitor PBinitialize Catch java.lang.SecurityException 1 line 120
      

      SecurityExceptions are swallowed at other locations in the Monitor. The implications of these swallowings should be understood and, at a minimum, security problems should be fixed:

      org.apache.derby.impl.services.monitor.FileMonitor PBinitialize Catch java.lang.SecurityException 1 line 157
      org.apache.derby.impl.services.monitor.FileMonitor createDaemonGroup Catch java.lang.SecurityException 1 line 89
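
The failure mode described above, as an added example that is not taken from this issue or from Derby's source. The property name `example.requireAuthentication`, the `denied` lookup that stands in for a policy denial, and the fail-closed reader are all assumptions made for illustration; the fail-closed reader is one possible handling, not the change made in Derby.

```java
import java.util.function.Function;

public class SwallowedSecurityExceptionDemo {

    // Hypothetical property name, chosen for illustration only.
    static final String REQUIRE_AUTH = "example.requireAuthentication";

    // Pattern described in the issue: the SecurityException is swallowed,
    // so a denied read is indistinguishable from "property not set".
    static String readSwallowing(Function<String, String> source, String key) {
        try {
            return source.apply(key);
        } catch (SecurityException se) {
            return null; // silently ignored
        }
    }

    // Fail-closed alternative: a denied read stops startup with a clear cause.
    static String readStrict(Function<String, String> source, String key) {
        try {
            return source.apply(key);
        } catch (SecurityException se) {
            throw new IllegalStateException(
                "Not permitted to read property '" + key + "'; check the security policy", se);
        }
    }

    // A missing (null) value falls back to "authentication not required".
    static boolean authRequired(String value) {
        return Boolean.parseBoolean(value);
    }

    public static void main(String[] args) {
        // Constructed stand-in for a property lookup that the security policy denies.
        Function<String, String> denied = key -> {
            throw new SecurityException("access denied (constructed): " + key);
        };

        // The operator configured the property, but the read is denied and the default wins.
        boolean auth = authRequired(readSwallowing(denied, REQUIRE_AUTH));
        System.out.println("swallowing reader: authentication required = " + auth);

        try {
            readStrict(denied, REQUIRE_AUTH);
        } catch (IllegalStateException e) {
            System.out.println("strict reader: startup aborted: " + e.getMessage());
        }
    }
}
```

With the swallowing reader, the denied read and an unset property produce the same result, so the insecure default takes effect without any diagnostic.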
      

      Attachments

        1. derby-6617-04-aa-platformSpecificErrorText.diff
          3 kB
          Richard N. Hillegas
        2. derby-6617-1.diff
          22 kB
          Dag H. Wanvik
        3. derby-6617-2.diff
          38 kB
          Dag H. Wanvik
        4. derby-6617-2.status
          2 kB
          Dag H. Wanvik
        5. derby-6617-3.diff
          11 kB
          Dag H. Wanvik
        6. derby-6617-3.status
          1 kB
          Dag H. Wanvik
        7. derby-6617-3b.diff
          17 kB
          Dag H. Wanvik
        8. derby-6617-3b.status
          2 kB
          Dag H. Wanvik
        9. derby-6617-junit.diff
          17 kB
          Dag H. Wanvik
        10. exit-subprocess.diff
          9 kB
          Knut Anders Hatlen
        11. fix-test.diff
          8 kB
          Knut Anders Hatlen
        12. ibm.diff
          3 kB
          Knut Anders Hatlen


          People

            dagw Dag H. Wanvik
            rhillegas Richard N. Hillegas