Uploaded image for project: 'James Server'
  1. James Server
  2. JAMES-636

Policy in environment.xml is... ignored?!?

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Major
    • Resolution: Won't Fix
    • 2.3.0, 3.0.0
    • 3.0-M1
    • None
    • None
    • James 2.3.0rc3 / 3.0

    Description

      I have been testing to securize James, have seen that there was the option to add to policies in the file environment.xml, but in version 2.3 and 3.0 it does not work, I suppose that it will have to do with the migration that became to Phoenix 4.2 from 4.0.1, seems simply that, ignores them quiet and it treats it like a AllPermission, stranger.

      In James 2.2 if no policy is configured, phoenix.log says:
      [Phoenix.] (): No policy specified in server.xml, giving full permissions to ServerApplication.

      In 2.3 / 3.0 no message show...

      I haves used a policy Like this, and... never throws security exceptions...
      <policy>
      <grant code-base="file:${app.home}${/}lib${/}*">
      <permission class="java.io.FilePermission"
      target="${app.home}${/}*"
      action="read,write" />
      </grant>
      </policy>

      I have even proven to make a FileInputStream of /etc/passwd and... has eaten it, not security exception
      In Loom 1.0-rc3 is the same, policy is ignored...

      At the moment the workarround is modifying directly the policy of phoenix-loader.jar and restrict it at global level of the JVM.

      I have opened a ticket in Codehaus for Loom 1.0rc3, in the case of Phoenix... "two stones"
      See also: http://jira.codehaus.org/browse/LOOM-81

      I inform, in case somebody can make some thing.

      Attachments

        1. james.policy
          3 kB
          Guillermo Grandes

        Activity

          People

            norman Norman Maurer
            technobcn Guillermo Grandes
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: