[jira] Created: (GERONIMO-643) transport guarantees on UDP not always enforced (at least w/jetty)

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

[jira] Created: (GERONIMO-643) transport guarantees on UDP not always enforced (at least w/jetty)

Development mailing list
transport guarantees on UDP not always enforced (at least w/jetty)
------------------------------------------------------------------

         Key: GERONIMO-643
         URL: http://issues.apache.org/jira/browse/GERONIMO-643
     Project: Geronimo
        Type: Bug
  Components: security  
    Versions: 1.0-M3    
    Reporter: David Jencks
 Assigned to: David Jencks


The UserDataPermission for a request on an unprotected socket is constructed erroneously with a transport guarantee of "N/A" rather than "NONE" (0 rather than 3).  As a result, the UDP permission checks succeed rather than fail if url pattern and method match.  

I believe but have not checked that this results in insecure access to resources that are supposed to be under a transport guarantee only for unchecked resources.  I believe that resources associated with a role have the transport guarantee at least partially enforced by the login mechanism.

I have not looked into what the tomcat integration does in this situation.

--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
   http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
   http://www.atlassian.com/software/jira

Reply | Threaded
Open this post in threaded view
|

[jira] Commented: (GERONIMO-643) transport guarantees on UDP not always enforced (at least w/jetty)

Development mailing list
     [ http://issues.apache.org/jira/browse/GERONIMO-643?page=comments#action_64697 ]
     
David Jencks commented on GERONIMO-643:
---------------------------------------

revision 169130 provides at least a partial fix for this problem by making sure the UDP never has a transport guarantee of "N/A".  I'd prefer additional review of this area before closing the issue.

> transport guarantees on UDP not always enforced (at least w/jetty)
> ------------------------------------------------------------------
>
>          Key: GERONIMO-643
>          URL: http://issues.apache.org/jira/browse/GERONIMO-643
>      Project: Geronimo
>         Type: Bug
>   Components: security
>     Versions: 1.0-M3
>     Reporter: David Jencks
>     Assignee: David Jencks

>
> The UserDataPermission for a request on an unprotected socket is constructed erroneously with a transport guarantee of "N/A" rather than "NONE" (0 rather than 3).  As a result, the UDP permission checks succeed rather than fail if url pattern and method match.  
> I believe but have not checked that this results in insecure access to resources that are supposed to be under a transport guarantee only for unchecked resources.  I believe that resources associated with a role have the transport guarantee at least partially enforced by the login mechanism.
> I have not looked into what the tomcat integration does in this situation.

--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
   http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
   http://www.atlassian.com/software/jira

Reply | Threaded
Open this post in threaded view
|

[jira] Closed: (GERONIMO-643) transport guarantees on UDP not always enforced (at least w/jetty)

Development mailing list
In reply to this post by Development mailing list
     [ http://issues.apache.org/jira/browse/GERONIMO-643?page=all ]
     
David Jencks closed GERONIMO-643:
---------------------------------

    Resolution: Fixed

After studying this some more I'm fairly sure it is fixed.

> transport guarantees on UDP not always enforced (at least w/jetty)
> ------------------------------------------------------------------
>
>          Key: GERONIMO-643
>          URL: http://issues.apache.org/jira/browse/GERONIMO-643
>      Project: Geronimo
>         Type: Bug
>   Components: security
>     Versions: 1.0-M3
>     Reporter: David Jencks
>     Assignee: David Jencks

>
> The UserDataPermission for a request on an unprotected socket is constructed erroneously with a transport guarantee of "N/A" rather than "NONE" (0 rather than 3).  As a result, the UDP permission checks succeed rather than fail if url pattern and method match.  
> I believe but have not checked that this results in insecure access to resources that are supposed to be under a transport guarantee only for unchecked resources.  I believe that resources associated with a role have the transport guarantee at least partially enforced by the login mechanism.
> I have not looked into what the tomcat integration does in this situation.

--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
   http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
   http://www.atlassian.com/software/jira