Details
- Bug
- Status: Open
- Major
- Resolution: Unresolved
- 10.12.1.1
- None
- None
- Low
Description
An additional privilege may be needed when running a user-defined aggregate which spills intermediate results to disk. That is a theory raised by discussion on this email thread:
http://apache-database.10148.n7.nabble.com/Security-problem-with-ggregate-functions-using-Java-td147236.html
The additional privilege needed by the engine jar is:
permission java.lang.RuntimePermission "accessClassInPackage.sun.reflect";
It is likely that this situation only arises on JVMs up through JDK 8. I believe that JDK 9 has removed many dependencies on Sun classes.
It would be worthwhile to try running a user-defined aggregate which spills to disk, and to do this while running under a security manager.