  1. Derby
  2. DERBY-6631

FileMonitor can be used to elevate an application's privileges

    Details

    • Urgency:
      Normal
    • Bug behavior facts:
      Security

      Description

      Various vulnerabilities in FileMonitor allow applications to perform security-sensitive operations with the elevated privileges granted to Derby:

      getDaemonThread() - The application can call this method in order to create threads, using Derby's elevated privileges.

      getJVMProperty() - The application can call this in order to read system properties using Derby's elevated privileges.

      setThreadPriority() - The application can call this method to change the priority of a daemon thread it has created. This call will execute with Derby's elevated privileges.
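The getJVMProperty() pattern described above, as an added example that is not Derby's FileMonitor source: the class name `MonitorSketch` and all of its method names are hypothetical, and the behaviour shown assumes a JVM running with a Java security manager and a policy that grants `PropertyPermission` to the library but not to the application.

```java
import java.security.AccessController;
import java.security.PrivilegedAction;

// Hypothetical sketch of a privileged helper class; not Derby code.
public final class MonitorSketch {

    private MonitorSketch() {}

    // Weak form: a public method that asserts the library's privileges
    // on behalf of whoever calls it. doPrivileged() stops the permission
    // stack walk at this frame, so the application's own (restricted)
    // protection domain is never consulted.
    public static String getJVMPropertyUnchecked(final String key) {
        return AccessController.doPrivileged(
            (PrivilegedAction<String>) () -> System.getProperty(key));
    }

    // Corrected form, part 1: the privileged read is package-private, so
    // only the library's own classes (in a sealed package) can reach it,
    // and they pass keys the library chose, not caller-supplied ones.
    static String readPropertyPrivileged(final String key) {
        return AccessController.doPrivileged(
            (PrivilegedAction<String>) () -> System.getProperty(key));
    }

    // Corrected form, part 2: the public entry point asserts nothing.
    // System.getProperty() performs its normal check against the whole
    // call stack, so a caller without PropertyPermission(key, "read")
    // gets a SecurityException instead of the value.
    public static String getJVMProperty(final String key) {
        return System.getProperty(key);
    }

    public static void main(String[] args) {
        // Without a security manager all three calls behave the same;
        // the difference only appears under a restrictive policy.
        String key = "java.version";
        System.out.println("unchecked: " + getJVMPropertyUnchecked(key));
        System.out.println("internal:  " + readPropertyPrivileged(key));
        System.out.println("public:    " + getJVMProperty(key));
    }
}
```

The same split applies to the thread-creation and thread-priority helpers: keep the `doPrivileged` block behind non-public methods and let public methods run with the caller's permissions.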

        Attachments

        1. d6631-1a-setThreadPriority.diff
          3 kB
          Knut Anders Hatlen
        2. d6631-1b-setThreadPriority.diff
          5 kB
          Knut Anders Hatlen

              People

              • Assignee:
                Unassigned
                Reporter:
                rhillegas Richard N. Hillegas