IndexStatisticsDaemonImpl.schedule should wrap Thread.setDaemon() in a
privilege block
---------------------------------------------------------------------------------------
Key: DERBY-5571
URL: https://issues.apache.org/jira/browse/DERBY-5571
Project: Derby
Issue Type: Bug
Reporter: Kathey Marsden
IndexStatisticsDaemonImple.schedule() has the following code. setDaemon can
throw a SecurityException so should be wrapped. It says: SecurityException - if
the current thread cannot modify this thread.
Does this mean that our documentation should require modifyThreadGroup privs
too?
Currently it is in our test policy but not the documentation:
// These permissions are needed by AssertFailure to dump the thread stack
// traces upon failure.
//permission java.lang.RuntimePermission "getStackTrace";
permission java.lang.RuntimePermission "modifyThreadGroup";
// If we're idle, fire off the worker thread.
if (runningThread == null) {
runningThread = new Thread(this, "index-stat-thread");
// Make the thread a daemon thread, we don't want it to stop
// the JVM from exiting. This is a precaution.
runningThread.setDaemon(true);
Marking as a regression as a security violation could make existing statements
fail.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
