Uploaded image for project: 'Derby'
  1. Derby
  2. DERBY-6648

Application code should not be able to call ContextService.getContextOrNull()

    XMLWordPrintableJSON

Details

    • Normal
    • Release Note Needed
    • Security

    Description

      By calling ContextService.getContextOrNull() (and its relatives), application code can get its hands on all sorts of internal Derby contexts, factories, and managers. This allows application code to bypass SQL authorization checks and perform sensitive or data-corrupting actions.

      For instance, right now an application can use this method to get its hands on the language connection context. From the lcc, the application can get its hands on the data dictionary and the execution transaction. Armed with those objects, the application can bypass authorization checks and create schema objects, users, and permissions.

      Only Derby code should be able to call this powerful method.

      Attachments

        1. derby-6648-01-aa-oneActionList.diff
          7 kB
          Richard N. Hillegas
        2. derby-6648-01-ab-rototill1.diff
          159 kB
          Richard N. Hillegas
        3. derby-6648-01-ad-rototill1.diff
          159 kB
          Richard N. Hillegas
        4. derby-6648-01-ae-regressionTests.diff
          189 kB
          Richard N. Hillegas
        5. derby-6648-02-aa-packagePrivateTests.diff
          0.8 kB
          Richard N. Hillegas
        6. derby-6648-03-aa-monitor.diff
          230 kB
          Richard N. Hillegas
        7. derby-6648-03-ab-monitor.diff
          245 kB
          Richard N. Hillegas
        8. derby-6648-03-ac-monitor.diff
          245 kB
          Richard N. Hillegas
        9. releaseNote.html
          2 kB
          Richard N. Hillegas
        10. releaseNote.html
          2 kB
          Richard N. Hillegas

        Issue Links

          is related to

          Bug - A problem which impairs or prevents the functions of the product. DERBY-6630 Applications can use JCECipherFactory to elevate their privileges to those granted to Derby

          • Major - Major loss of function.
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. DERBY-6631 FileMonitor can be used to elevate an application's privileges

          • Major - Major loss of function.
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. DERBY-6632 Applications may be able to use StorageFactoryService to delete Derby databases and overwrite service.properties.

          • Major - Major loss of function.
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. DERBY-6641 Application code may be able to use the public LogToFile class to interfere with Derby's operation.

          • Major - Major loss of function.
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. DERBY-6717 Policies with multiple SystemPermissions are not handled well

          • Major - Major loss of function.
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. DERBY-6744 Update the documentation of security policy files to include the new usederbyinternals SystemPermission

          • Major - Major loss of function.
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. DERBY-6751 Prevent user code from getting the LanguageConnectionContext from an EmbedConnection

          • Major - Major loss of function.
          • Closed
          relates to

          Bug - A problem which impairs or prevents the functions of the product. DERBY-6616 User procedures can call system procedures, circumventing SQL authorization.

          • Major - Major loss of function.
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. DERBY-6741 User code can get the ContextManager from an EmbedConnection

          • Major - Major loss of function.
          • Closed

          Activity

            People

              rhillegas Richard N. Hillegas
              rhillegas Richard N. Hillegas
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: