[jira] Commented: (DERBY-2925) Prevent export from overwriting existing files

Kathey Marsden (JIRA) Mon, 30 Jul 2007 20:38:14 -0700

    [ 
https://issues.apache.org/jira/browse/DERBY-2925?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12516610
 ]


Kathey Marsden commented on DERBY-2925:
---------------------------------------

Running suites.All with the patch I see these failures:  Almost as though the 
permissions problem has moved.

3) 
testIllegalOps(org.apache.derbyTesting.functionTests.tests.lang.XMLTypeAndOpsTest)junit.framework.ComparisonFailure:
Unexpected SQL state. expected:<42Z7...> but was:<XJ00...>
        at 
org.apache.derbyTesting.junit.BaseJDBCTestCase.assertSQLState(BaseJDBCTestCase.java:624)
        at 
org.apache.derbyTesting.junit.BaseJDBCTestCase.assertSQLState(BaseJDBCTestCase.java:659)
        at 
org.apache.derbyTesting.junit.BaseJDBCTestCase.assertSQLState(BaseJDBCTestCase.java:673)
        at 
org.apache.derbyTesting.junit.BaseJDBCTestCase.assertStatementError(BaseJDBCTestCase.java:854)
        at 
org.apache.derbyTesting.functionTests.tests.lang.XMLTypeAndOpsTest.testIllegalOps(XMLTypeAndOpsTest.java:352)

        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at 
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:64)
        at 
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at 
org.apache.derbyTesting.junit.BaseTestCase.runBare(BaseTestCase.java:95)
        at junit.extensions.TestDecorator.basicRun(TestDecorator.java:22)
        at junit.extensions.TestSetup$1.protect(TestSetup.java:19)
        at junit.extensions.TestSetup.run(TestSetup.java:23)
        at 
org.apache.derbyTesting.junit.BaseTestSetup.run(BaseTestSetup.java:57)
Caused by: java.sql.SQLException: Java exception: 'Access denied 
(java.io.FilePermission xmlexport.del read): java.secur
ity.AccessControlException'.
        at 
org.apache.derby.impl.jdbc.SQLExceptionFactory.getSQLException(SQLExceptionFactory.java:45)
        at org.apache.derby.impl.jdbc.Util.newEmbedSQLException(Util.java:88)
        at org.apache.derby.impl.jdbc.Util.javaException(Util.java:245)
        at 
org.apache.derby.impl.jdbc.TransactionResourceImpl.wrapInSQLException(TransactionResourceImpl.java:403)
        at 
org.apache.derby.impl.jdbc.TransactionResourceImpl.wrapInSQLException(TransactionResourceImpl.java:398)
        at 
org.apache.derby.impl.jdbc.TransactionResourceImpl.handleException(TransactionResourceImpl.java:346)
        at 
org.apache.derby.impl.jdbc.EmbedConnection.handleException(EmbedConnection.java:1572)
        at 
org.apache.derby.impl.jdbc.ConnectionChild.handleException(ConnectionChild.java:81)
        at 
org.apache.derby.impl.jdbc.EmbedStatement.executeStatement(EmbedStatement.java:1293)
        at 
org.apache.derby.impl.jdbc.EmbedPreparedStatement.executeStatement(EmbedPreparedStatement.java:1652)
        at 
org.apache.derby.impl.jdbc.EmbedCallableStatement.executeStatement(EmbedCallableStatement.java:116)
        at 
org.apache.derby.impl.jdbc.EmbedPreparedStatement.execute(EmbedPreparedStatement.java:1304)
        at 
org.apache.derbyTesting.junit.BaseJDBCTestCase.assertStatementError(BaseJDBCTestCase.java:849)
        ... 34 more
Caused by: java.security.AccessControlException: Access denied 
(java.io.FilePermission xmlexport.del read)
        at 
java.security.AccessController.checkPermission(AccessController.java:104)
        at java.lang.SecurityManager.checkPermission(SecurityManager.java:547)
        at java.lang.SecurityManager.checkRead(SecurityManager.java:886)
        at java.io.File.exists(File.java:726)
        at 
org.apache.derby.iapi.util.PrivilegedFileOps$1.run(PrivilegedFileOps.java:60)
        at 
java.security.AccessController.doPrivileged(AccessController.java:242)
        at 
org.apache.derby.iapi.util.PrivilegedFileOps.exists(PrivilegedFileOps.java:57)
        at org.apache.derby.impl.load.Export.dataFileExists(Export.java:146)
        at org.apache.derby.impl.load.Export.doExport(Export.java:57)
        at org.apache.derby.impl.load.Export.exportTable(Export.java:172)
        at 
org.apache.derby.catalog.SystemProcedures.SYSCS_EXPORT_TABLE(SystemProcedures.java:1128)
        at 
org.apache.derby.exe.ac592dcde3x0114x19dfx7bc8xffffa650e7100.g0(Unknown Source)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at 
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:64)
        at 
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at 
org.apache.derby.impl.services.reflect.ReflectMethod.invoke(ReflectMethod.java:46)
        at 
org.apache.derby.impl.sql.execute.CallStatementResultSet.open(CallStatementResultSet.java:57)
        at 
org.apache.derby.impl.sql.GenericPreparedStatement.execute(GenericPreparedStatement.java:370)
        at 
org.apache.derby.impl.jdbc.EmbedStatement.executeStatement(EmbedStatement.java:1203)
        ... 38 more
4) 
testIllegalOps(org.apache.derbyTesting.functionTests.tests.lang.XMLTypeAndOpsTest)junit.framework.ComparisonFailure:
Unexpected SQL state. expected:<42Z7...> but was:<XJ00...>
        at 
org.apache.derbyTesting.junit.BaseJDBCTestCase.assertSQLState(BaseJDBCTestCase.java:624)
        at 
org.apache.derbyTesting.junit.BaseJDBCTestCase.assertSQLState(BaseJDBCTestCase.java:659)
        at 
org.apache.derbyTesting.junit.BaseJDBCTestCase.assertSQLState(BaseJDBCTestCase.java:673)
        at 
org.apache.derbyTesting.junit.BaseJDBCTestCase.assertStatementError(BaseJDBCTestCase.java:854)
        at 
org.apache.derbyTesting.functionTests.tests.lang.XMLTypeAndOpsTest.testIllegalOps(XMLTypeAndOpsTest.java:352)

        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at 
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:64)
        at 
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at 
org.apache.derbyTesting.junit.BaseTestCase.runBare(BaseTestCase.java:95)
        at junit.extensions.TestDecorator.basicRun(TestDecorator.java:22)
        at junit.extensions.TestSetup$1.protect(TestSetup.java:19)
        at junit.extensions.TestSetup.run(TestSetup.java:23)
        at 
org.apache.derbyTesting.junit.BaseTestSetup.run(BaseTestSetup.java:57)
        at junit.extensions.TestDecorator.basicRun(TestDecorator.java:22)
        at junit.extensions.TestSetup$1.protect(TestSetup.java:19)
        at junit.extensions.TestSetup.run(TestSetup.java:23)
        at junit.extensions.TestDecorator.basicRun(TestDecorator.java:22)
        at junit.extensions.TestSetup$1.protect(TestSetup.java:19)
        at junit.extensions.TestSetup.run(TestSetup.java:23)
        at 
org.apache.derbyTesting.junit.BaseTestSetup.run(BaseTestSetup.java:57)
Caused by: java.sql.SQLException: Java exception: 'Access denied 
(java.io.FilePermission xmlexport.del read): java.secur
ity.AccessControlException'.
        at 
org.apache.derby.client.am.SQLExceptionFactory.getSQLException(SQLExceptionFactory.java:46)
        at 
org.apache.derby.client.am.SqlException.getSQLException(SqlException.java:362)
        at 
org.apache.derby.client.am.SqlException.getSQLException(SqlException.java:371)
        at 
org.apache.derby.client.am.PreparedStatement.execute(PreparedStatement.java:1572)
        at 
org.apache.derbyTesting.junit.BaseJDBCTestCase.assertStatementError(BaseJDBCTestCase.java:849)
        ... 43 more
Caused by: org.apache.derby.client.am.SqlException: Java exception: 'Access 
denied (java.io.FilePermission xmlexport.del
 read): java.security.AccessControlException'.
        at org.apache.derby.client.am.SqlException.<init>(SqlException.java:290)
        at org.apache.derby.client.am.SqlException.<init>(SqlException.java:264)
        at 
org.apache.derby.client.am.Statement.completeExecute(Statement.java:1498)
        at 
org.apache.derby.client.net.NetStatementReply.parseEXCSQLSTTreply(NetStatementReply.java:304)
        at 
org.apache.derby.client.net.NetStatementReply.readExecuteCall(NetStatementReply.java:105)
        at 
org.apache.derby.client.net.StatementReply.readExecuteCall(StatementReply.java:75)
        at 
org.apache.derby.client.net.NetStatement.readExecuteCall_(NetStatement.java:176)
        at 
org.apache.derby.client.am.Statement.readExecuteCall(Statement.java:1464)
        at 
org.apache.derby.client.am.PreparedStatement.flowExecute(PreparedStatement.java:2158)
        at 
org.apache.derby.client.am.PreparedStatement.executeX(PreparedStatement.java:1578)
        at 
org.apache.derby.client.am.PreparedStatement.execute(PreparedStatement.java:1563)
        ... 44 more


> Prevent export from overwriting existing files
> ----------------------------------------------
>
>                 Key: DERBY-2925
>                 URL: https://issues.apache.org/jira/browse/DERBY-2925
>             Project: Derby
>          Issue Type: Sub-task
>          Components: Security, Tools
>    Affects Versions: 10.1.2.1, 10.2.2.0, 10.3.1.3, 10.4.0.0
>            Reporter: Kathey Marsden
>            Assignee: Ramin Moazeni
>         Attachments: DERBY-2925v0.diff, DERBY-2925v0.stat, DERBY-2925v1.diff, 
> DERBY-2925v1.stat, DERBY-2925v2.diff, DERBY-2925v2.stat, DERBY-2925v3.diff, 
> DERBY-2925v3.stat, DERBY-2925v4.diff, DERBY-2925v4.stat, DERBY-2925v5.diff, 
> DERBY-2925v5.stat, releaseNotev0.html
>
>
> Export should not overwrite existing files, but rather insist that the user 
> remove them before writing to the file.  This will help prevent accidental or 
> intentional corruption of the database with export.  This may introduce a 
> compatibility issue with export but because export is usually an attended 
> utility and not typically invoked as part of an application, I think the risk 
> is worth the additional security this will provide.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Commented: (DERBY-2925) Prevent export from overwriting existing files

Reply via email to