[ https://issues.apache.org/jira/browse/FELIX-3196?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Richard S. Hall closed FELIX-3196. ---------------------------------- Resolution: Fixed > Security Problem: Getting full file access within the cache directory from > one Bundle > ------------------------------------------------------------------------------------- > > Key: FELIX-3196 > URL: https://issues.apache.org/jira/browse/FELIX-3196 > Project: Felix > Issue Type: Bug > Components: Framework Security > Affects Versions: framework.security-2.0.0 > Environment: felix-framework-4.0.1 > Reporter: Michael Grammling > Assignee: Karl Pauls > Fix For: framework.security-2.0.1 > > > It seems that there is a security problem in the "Framework Security" module > of Felix. > I have full access to the bundle cache directory from each bundle. > Expectation: I should only get full access to the data storage of the bundle > itself. > Actually I was able to create files from Bundle 25 inside the data storage of > Bundle 0. > I even could delete the whole directory of Bundle 0. > I checked the same with Knopflerfish which does this check correctly. > Do I have to set more configuration parameters? > The OSGi specification defines that the framework should grant access to the > bundle's data storage. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira