sis-commits mailing list archives

From "Martin Desruisseaux (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (SIS-320) Enable SIS to run is security-constrained environments
Date Sun, 13 Mar 2016 20:38:33 GMT

    [ https://issues.apache.org/jira/browse/SIS-320?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15192526#comment-15192526 ]

Martin Desruisseaux commented on SIS-320:
-----------------------------------------

Temporarily removed the use of {{AccessController.doPrivileged(...)}} for shutdown hook. The
reason is that we currently use a mechanism that allows anyone to register code to execute
as part of our shutdown. This mechanism is in the internal packages of SIS, but there is currently
no mechanism (other than OSGi) to ensure that only SIS uses this mechanism. We should be able
to re-enable the use of {{AccessController.doPrivileged(...)}} when we will upgrade to jigsaw
with the following command:

{noformat}
svn diff -r 1734855:1734854 https://svn.apache.org/repos/asf/sis/branches/JDK8/core/sis-utility/src/main/java/org/apache/sis/internal/system/Shutdown.java
{noformat}


> Enable SIS to run is security-constrained environments
> ------------------------------------------------------
>
>                 Key: SIS-320
>                 URL: https://issues.apache.org/jira/browse/SIS-320
>             Project: Spatial Information Systems
>          Issue Type: Improvement
>          Components: Metadata, Referencing, Storage, Utilities
>    Affects Versions: 0.3, 0.4, 0.5, 0.6
>            Reporter: Martin Desruisseaux
>            Assignee: Martin Desruisseaux
>             Fix For: 0.7
>
>
> Wraps some code necessary to SIS working in {{AccessController.doPrivileged(...)}} blocks. Examples:
> {code:java}
> String dir = AccessController.doPrivileged((PrivilegedAction<String>) () -> {
>     return System.getenv("SIS_DATA");
> });
> {code}
> We should not wrap all security-sensitive requests for information, but only those that are needed for SIS working. Examples:
> * Environment variable value for {{SIS_DATA}}.
> * Property value for {{"java.naming.factory.initial"}}, {{"derby.system.home"}}.
> * Call to {{Field.setAccessible(true)}} in {{clone()}} methods for setting final fields.
> Information for which we do *not* request privileged actions at this time:
> * MBean registration.
> * Property value for {{"java.home"}}.
> * Call to {{Field.setAccessible(true)}} on deserialization for setting final transient fields.
> Initial patch for SIS has been submitted by Guilhem Légal.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
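The comment above gives the reason for backing out {{AccessController.doPrivileged(...)}} in the shutdown hook: a privileged block stops the stack-based permission check at the library's own frame, so if the block runs code that any caller can register, the caller inherits the library's permissions. The program below is an added example, not SIS code and not the patch discussed in the issue; the property name {{demo.data.dir}}, the {{dataDir()}} / {{runPrivileged()}} methods and the all-permissive {{Policy}} are assumptions made for the demo. It runs under a SecurityManager on JDK 8 to 16 (from JDK 17 the SecurityManager is deprecated for removal and must be enabled with {{-Djava.security.manager=allow}}).

```java
import java.security.AccessControlContext;
import java.security.AccessControlException;
import java.security.AccessController;
import java.security.Permission;
import java.security.Permissions;
import java.security.Policy;
import java.security.PrivilegedAction;
import java.security.ProtectionDomain;

/**
 * Added example (not SIS code): what doPrivileged(...) buys a library, and why a
 * privileged block must only run the library's own fixed action, never code that
 * an arbitrary caller registered (the shutdown-hook problem from the comment).
 */
public class PrivilegedDemo {

    /** Hypothetical property name for this demo; SIS itself reads SIS_DATA and others. */
    static final String PROP = "demo.data.dir";

    /** Pattern the issue describes: the library wraps the one read it needs. */
    static String dataDir() {
        return AccessController.doPrivileged((PrivilegedAction<String>) () -> System.getProperty(PROP));
    }

    /** Anti-pattern: a privileged block that executes whatever the caller hands in. */
    static void runPrivileged(Runnable hook) {
        AccessController.doPrivileged((PrivilegedAction<Void>) () -> { hook.run(); return null; });
    }

    /** A context whose single protection domain holds no permissions: stands in for untrusted caller code. */
    static AccessControlContext untrustedContext() {
        ProtectionDomain noPerms = new ProtectionDomain(null, new Permissions()); // static, empty permission set
        return new AccessControlContext(new ProtectionDomain[] { noPerms });
    }

    /** Runs the action as if invoked from untrusted code; returns "ok:<value>" or "denied". */
    static String asUntrusted(PrivilegedAction<String> action) {
        try {
            return "ok:" + AccessController.doPrivileged(action, untrustedContext());
        } catch (AccessControlException e) {
            return "denied";
        }
    }

    public static void main(String[] args) {
        System.setProperty(PROP, "/var/lib/demo"); // constructed sample value

        // Grant everything to the application's own (dynamic) domain, then turn checks on.
        Policy.setPolicy(new Policy() {
            @Override public boolean implies(ProtectionDomain domain, Permission permission) { return true; }
        });
        System.setSecurityManager(new SecurityManager());

        // 1. Untrusted caller reads the property itself: denied, its domain grants nothing.
        System.out.println("direct read:          " + asUntrusted(() -> System.getProperty(PROP)));

        // 2. Untrusted caller uses the library's fixed accessor: allowed, because the permission
        //    check walks the stack only up to the library's doPrivileged frame and the restricted
        //    context of the outer call is not consulted there.
        System.out.println("library accessor:     " + asUntrusted(PrivilegedDemo::dataDir));

        // 3. Untrusted caller hands its own code to the privileged block: also allowed. This is the
        //    escalation the comment avoids by removing doPrivileged from a hook anyone can register.
        String[] leaked = new String[1];
        System.out.println("caller-supplied hook: " + asUntrusted(() -> {
            runPrivileged(() -> { leaked[0] = System.getProperty(PROP); });
            return leaked[0];
        }));
    }
}
```

Compile and run with {{javac PrivilegedDemo.java && java PrivilegedDemo}} on JDK 8 to 16. The first line prints {{denied}}, the other two print {{ok:/var/lib/demo}}: case 2 is the intended use (the library decides what is read), case 3 shows that a privileged block wrapping caller-supplied code hands that caller the library's privileges, so the registration mechanism itself must be restricted (OSGi or Jigsaw module boundaries, as the comment says) before the block is safe to reinstate.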
