[
https://issues.apache.org/jira/browse/DERBY-4292?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12728402#action_12728402
]
Tiago R. Espinha commented on DERBY-4292:
-----------------------------------------
Thank you for your comments Kathey.
- You are right on the policy file bit. I had that code from another test and I
was going under the assumption that it was ultimately necessary to copy the
policy file; that isn't the case so I'll change that.
- I'll create a new patch with all your other comments added.
On the output part, after having discussed this with Kathey on IRC, we landed
on two options:
a) Run ij with execJavaCmd - this option implies having the policy file for
this process defined through system properties. It also implies copying over a
policy file.
b) Run ij as it is ("programatically") and before it is ran, do:
System.setOut(new PrintStream(new NullOutputStream));
This effectively mutes any output and after the fixture is ran, the plan is to
restore it to the original System.out in a finally block.
At this point, this is the method we agreed would be less bad, so I'm going
forward with this one on the patch.
> creation of FileInputStream in org.apache.derby.impl.tools.ij.Main not
> wrapped in privilege block which can cause problems running under
> SecurityManager
> ---------------------------------------------------------------------------------------------------------------------------------------------------------
>
> Key: DERBY-4292
> URL: https://issues.apache.org/jira/browse/DERBY-4292
> Project: Derby
> Issue Type: Bug
> Components: Tools
> Affects Versions: 10.1.3.1, 10.2.2.0, 10.3.2.1, 10.4.2.0, 10.5.1.1,
> 10.6.0.0
> Reporter: Kathey Marsden
> Assignee: Tiago R. Espinha
> Attachments: DERBY-4292-Fix.patch, DERBY-4292-ReproTest.patch,
> derby4292.zip
>
>
> org.apache.derby.impl.tools.ij.Main has this code where the call to
> FileInputStream is not wrapped in a privilege block:
> try {
> in1 = new FileInputStream(file);
> if (in1 != null) {
> in1 = new BufferedInputStream(in1,
> utilMain.BUFFEREDFILESIZE);
> in = langUtil.getNewInput(in1);
> }
> } catch (FileNotFoundException e) {
> if (Boolean.getBoolean("ij.searchClassPath")) {
> in =
> langUtil.getNewInput(util.getResourceAsStream(file));
> }
> This can cause issues when running under SecurityManager
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
