Bug 1162882 - [GSS](6.4.0) JBTM-2188 - Some code that writes to the file store is missing PrivilidgedAction blocks
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: JBoss Enterprise Application Platform 6
Classification: JBoss
Component: Transaction Manager
Version: 6.3.2
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: DR11
: EAP 6.4.0
Assignee: tom.jenkinson
QA Contact: Ondrej Chaloupka
URL:
Whiteboard:
Depends On:
Blocks: 1165728
Reported: 2014-11-11 22:43 UTC by Brad Maxwell
Modified: 2019-08-19 12:46 UTC

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
In previous releases of JBoss EAP 6, if the Security Manager was enabled, the Narayana Transaction Manager could be denied permission to read from or write to the object store files managed by the FileSystemStore class. This was because, when the security manager is used, it verifies that the code has permission to access the file system. This check covers the entire method call chain, so there is a chance that some classes in the chain do not have permission to access the file system. The fix implemented in this release is to access the file system as a privileged entity, using `AccessController.doPrivileged()`, which reduces the checked stack to classes that the security manager recognizes as privileged to have file system access.
Clone Of:
Environment:
Last Closed:
Type: Bug
Embargoed:




Links
System ID Private Priority Status Summary Last Updated
Red Hat Issue Tracker JBTM-2188 0 Major Closed Some code that writes to the file store is missing PrivilidgedAction blocks 2020-11-04 04:32:04 UTC

Description Brad Maxwell 2014-11-11 22:43:53 UTC
When the Java security manager is enabled, com.arjuna.ats.internal.arjuna.objectstore.FileSystemStore throws the exception below:

16:23:20,930 ERROR [stderr] (ServerService Thread Pool -- 48) java.security.AccessControlException: access denied ("java.io.FilePermission" "/tmp/jboss-eap-6.3.2/standalone/data/tx-object-store/ShadowNoFileLockStore/defaultStore/EISNAME" "read")
16:23:20,931 ERROR [stderr] (ServerService Thread Pool -- 48) 	at java.security.AccessControlContext.checkPermission(AccessControlContext.java:372)
16:23:20,931 ERROR [stderr] (ServerService Thread Pool -- 48) 	at java.security.AccessController.checkPermission(AccessController.java:559)
16:23:20,932 ERROR [stderr] (ServerService Thread Pool -- 48) 	at java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
16:23:20,932 ERROR [stderr] (ServerService Thread Pool -- 48) 	at java.lang.SecurityManager.checkRead(SecurityManager.java:888)
16:23:20,932 ERROR [stderr] (ServerService Thread Pool -- 48) 	at java.io.File.list(File.java:1111)
16:23:20,932 ERROR [stderr] (ServerService Thread Pool -- 48) 	at java.io.File.list(File.java:1149)
16:23:20,933 ERROR [stderr] (ServerService Thread Pool -- 48) 	at com.arjuna.ats.internal.arjuna.objectstore.FileSystemStore.allObjUids(FileSystemStore.java:173)
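
The pattern the Doc Text describes, applied to the `File.list()` call that fails in the trace above, as an added example that is not part of the original report and is not Narayana's code. The class `PrivilegedStoreAccess`, its `storeRoot` field and the temp-directory sample root are hypothetical; `AccessController` is the Java 6/7-era API used by EAP 6 and is deprecated since Java 17.

```java
import java.io.File;
import java.io.IOException;
import java.security.AccessController;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;

// Hypothetical helper, not Narayana code: lists an object-store directory
// inside a privileged block so the FilePermission check stops at this class's
// protection domain instead of walking up to less-privileged callers.
public final class PrivilegedStoreAccess {
    private final File storeRoot; // assumed: canonical root of the object store

    public PrivilegedStoreAccess(File storeRoot) throws IOException {
        this.storeRoot = storeRoot.getCanonicalFile();
    }

    public String[] list(final String relativePath) throws IOException {
        try {
            return AccessController.doPrivileged(new PrivilegedExceptionAction<String[]>() {
                @Override
                public String[] run() throws IOException {
                    File dir = new File(storeRoot, relativePath).getCanonicalFile();
                    // Keep the privileged block narrow: callers borrow this class's
                    // permissions, so refuse paths that escape the store root.
                    if (!dir.toPath().startsWith(storeRoot.toPath())) {
                        throw new IOException("path escapes object store: " + relativePath);
                    }
                    String[] names = dir.list(); // the call that failed in the trace
                    return names != null ? names : new String[0];
                }
            });
        } catch (PrivilegedActionException e) {
            throw (IOException) e.getException(); // run() only throws IOException
        }
    }

    public static void main(String[] args) throws IOException {
        File root = new File(System.getProperty("java.io.tmpdir")); // constructed sample root
        PrivilegedStoreAccess store = new PrivilegedStoreAccess(root);
        System.out.println(store.list(".").length + " entries");
        try {
            store.list("../..");
        } catch (IOException expected) {
            System.out.println("rejected: " + expected.getMessage());
        }
    }
}
```

`doPrivileged` grants nothing by itself: the policy must still give this class's code source the `FilePermission`, and the block only stops the stack walk at the caller of `doPrivileged`.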

Comment 3 tom.jenkinson 2014-11-12 17:27:36 UTC
Hi, I have merged this and it will be in 6.4 - thanks for the PR!

Comment 4 tom.jenkinson 2014-11-12 17:27:53 UTC
fixed upstream

Comment 5 Ondrej Chaloupka 2014-11-27 09:12:54 UTC
Verified for EAP 6.4.0.DR11.
Verified by AS testsuite - see bz: https://bugzilla.redhat.com/show_bug.cgi?id=1144943

