Felix / FELIX-4362

Security ConfigAdmin permissions are inherited on the stack


Details

    Description

      It seems to cause lots of issues for me when testing.
      For example, I end up with lots of exceptions like:
        [CM Configuration Updater (ManagedServiceFactory Update: factoryPid=[org.apache.felix.fileinstall])] ERROR org.apache.felix.configadmin - [org.osgi.service.cm.ManagedServiceFactory, id=233, bundle=7/mvn:org.apache.felix/org.apache.felix.fileinstall/3.2.6]: Unexpected problem updating configuration org.apache.felix.fileinstall.c0eba252-35f7-4ab6-bc11-ad11e131711c
        java.security.AccessControlException: access denied ("java.util.PropertyPermission" "java.io.tmpdir" "read")
            at java.security.AccessControlContext.checkPermission(AccessControlContext.java:372)
            at java.security.AccessController.checkPermission(AccessController.java:559)
            at java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
            at java.lang.SecurityManager.checkPropertyAccess(SecurityManager.java:1302)
            at java.lang.System.getProperty(System.java:708)
            at org.apache.felix.fileinstall.internal.DirectoryWatcher.<init>(DirectoryWatcher.java:109)
            at org.apache.felix.fileinstall.internal.FileInstall.updated(FileInstall.java:246)
            at org.apache.felix.fileinstall.internal.FileInstall$ConfigAdminSupport$Tracker.updated(FileInstall.java:422)
            at org.apache.felix.cm.impl.helper.ManagedServiceFactoryTracker.provideConfiguration(ManagedServiceFactoryTracker.java:88)
            at org.apache.felix.cm.impl.ConfigurationManager$ManagedServiceFactoryUpdate.provide(ConfigurationManager.java:1605)
            at org.apache.felix.cm.impl.ConfigurationManager$ManagedServiceFactoryUpdate.run(ConfigurationManager.java:1548)
            at org.apache.felix.cm.impl.UpdateThread.run(UpdateThread.java:103)
            at java.lang.Thread.run(Thread.java:744)

      I think if we want to allow such a permissions file, we also need to ensure that all access to bundles is not conditioned by it.
      In the above stack trace, and when running with a security manager, the call to service.updated() should be done inside a privileged action, I think:

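        return AccessController.doPrivileged(new PrivilegedExceptionAction<Object>() {
          public Object run() throws ConfigurationException { // updated() declares this checked exception
            service.updated( configPid.toString(), props );
            return null; // run() must return a value
          }
        }, accessControlContext);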
      

      so that permissions of ConfigAdmin bundle are not inherited by other bundles.
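
As the issue title says, a Java access-control check passes only if every protection domain on the call stack holds the permission. The following is an added example, not code from Felix or from the reporter: it models that rule with two constructed domains named after the bundles in the trace. The grants are assumptions, and it needs a JDK on which the java.security access-control API is still functional.

```java
import java.security.AccessControlContext;
import java.security.AccessControlException;
import java.security.Permission;
import java.security.Permissions;
import java.security.ProtectionDomain;
import java.util.PropertyPermission;

public class StackInheritanceDemo {

    // Builds a static protection domain holding exactly the given permissions.
    static ProtectionDomain domain(Permission... granted) {
        Permissions perms = new Permissions();
        for (Permission p : granted) {
            perms.add(p);
        }
        return new ProtectionDomain(null, perms);
    }

    // True only if every domain in the modelled stack implies the permission,
    // which is the rule AccessControlContext.checkPermission applies.
    static boolean allowed(Permission perm, ProtectionDomain... stack) {
        try {
            new AccessControlContext(stack).checkPermission(perm);
            return true;
        } catch (AccessControlException e) {
            return false;
        }
    }

    public static void main(String[] args) {
        // The permission named in the AccessControlException on this page.
        Permission tmpdir = new PropertyPermission("java.io.tmpdir", "read");

        // Constructed grants (assumptions): the calling bundle is restricted,
        // the called bundle is allowed to read the property.
        ProtectionDomain configAdmin = domain(new PropertyPermission("user.dir", "read"));
        ProtectionDomain fileInstall = domain(tmpdir);

        // Callee judged on its own domain only.
        System.out.println("callee only:     " + allowed(tmpdir, fileInstall));
        // Callee reached through the restricted caller: both domains are checked.
        System.out.println("caller + callee: " + allowed(tmpdir, fileInstall, configAdmin));
    }
}
```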

            People

              fmeschbe Felix Meschberger
              gnodet Guillaume Nodet