Bug 47364

Bug: 47364

Impact:

Product:

GemStone/S 64 Bit

Versions:

3.4, 3.3.6, 3.3.5, 3.3.4, 3.3.3, 3.3.2, 3.3.1, 3.3, 3.2.17, 3.2.16, 3.2.15, 3.2.14, 3.2.13, 3.2.12, 3.2.11, 3.2.10, 3.2.9, 3.2.8.1, 3.2.8, 3.2.7, 3.2.6, 3.2.5, 3.2.4, 3.2.3, 3.2.2, 3.2.1, 3.2, 3.1.0.6, 3.1.0.5, 3.1.0.4, 3.1.0.3, 3.1.0.2, 3.1.0.1, 3.1, 3.0.1, 3.0, 2.4.8, 2.4.7, 2.4.6, 2.4.5.1, 2.4.5, 2.4.4.8, 2.4.4.7, 2.4.4.4, 2.4.x, 2.3.1.6, 2.3.x, 2.2.6.5, 2.2.5.4, 2.2.x

Platform:

All Platforms

Fixed In:

3.4.1, 3.3.7

Security error when browsing implementors with session methods enabled and no CodeModification privilege

If session methods have been enabled for a UserProfile that does not have CodeModification privilege, if this user attempts to browse implementors of any method, using either GBS or ClassOrganizer>>implementorsOf:, it will trigger the following error:

----------------------------------------------------
GemStone: Error Nonfatal
a SecurityError occurred (error 2151), reason:rtErrNoPriv, An attempt was made to do a privileged operation for which no privilege had been granted. Error Category: 231169 [GemStone] Number: 2151 Arg Count: 1 Context : 32046593 exception : 32044545
Arg 1: [32040705 sz:10 cls: 76545 UserProfile] anUserProfile

For GS version 2.X the error will be formatted slightly differently:

----------------------------------------------------
GemStone: Error Nonfatal
An attempt was made to do a privileged operation for which no privilege had been granted. Error Category: 231169 [GemStone] Number: 2151 Arg Count: 1 Context : 15536641
Arg 1: [15045121 sz:10 cls: 76545 UserProfile] an UserProfile

Workaround

Browse implementors from a GS user with appropriate privileges, or that has not had session methods enabled.