[
https://issues.apache.org/jira/browse/FELIX-3196?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Richard S. Hall closed FELIX-3196.
----------------------------------
Resolution: Fixed
> Security Problem: Getting full file access within the cache directory from
> one Bundle
> -------------------------------------------------------------------------------------
>
> Key: FELIX-3196
> URL: https://issues.apache.org/jira/browse/FELIX-3196
> Project: Felix
> Issue Type: Bug
> Components: Framework Security
> Affects Versions: framework.security-2.0.0
> Environment: felix-framework-4.0.1
> Reporter: Michael Grammling
> Assignee: Karl Pauls
> Fix For: framework.security-2.0.1
>
>
> It seems that there is a security problem in the "Framework Security" module
> of Felix.
> I have full access to the bundle cache directory from each bundle.
> Expectation: I should only get full access to the data storage of the bundle
> itself.
> Actually I was able to create files from Bundle 25 inside the data storage of
> Bundle 0.
> I even could delete the whole directory of Bundle 0.
> I checked the same with Knopflerfish which does this check correctly.
> Do I have to set more configuration parameters?
> The OSGi specification defines that the framework should grant access to the
> bundle's data storage.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
