FilePermission Canonical path optimization
Peter Levart
peter.levart at gmail.com
Mon Feb 9 06:42:07 UTC 2015
On 02/09/2015 04:51 AM, Wang Weijun wrote:
>> On Feb 9, 2015, at 11:22, deven you <ydwchina at gmail.com> wrote:
>>
>> Hi Weijun,
>>
>> I see JDK-4141872 marked as Not an Issue; is there any further task to continue, or is there any other link to track this problem of removing the canonical path?
> It was marked as Not an Issue, but we are reconsidering it.
>
>> It's a big improvement if the canonical path can be totally removed, but I can't figure out how we get the result of the implies* methods without the canonical path. Any more detail?
> The current proposed idea is that if you want to access a file using an absolute path, you should add a FilePermission line in the policy file with an absolute path. If relative, relative. The overall idea is that the implies method should be implemented without consulting the actual file system but only by looking at the names themselves.
>
> That's why I said there is a very big incompatible change. We hope people only need to modify their policy files and do not need to rewrite their apps, but we are still investigating if this can always be true.
Hi Max,
Of course you are aware that by trusting the symlinks, you potentially
give much more permission than you would hope to. Suppose that some code
has permission to read and write into a particular directory (for
temporary files). With this permission the code can actually read and/or
write any file in the filesystem that the OS grants the Java process
access to, merely by creating a symlink in the read/write-able directory
and accessing the file through it. That's why Apache HTTP Server by
default disables the "FollowSymLinks" option.
Regards, Peter
> Thanks
> Max
>
>> Thanks a lot!
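The gap between a name-only check and a symlink-resolving check that this message raises, as an added example that is not part of the original thread and not JDK code: it compares the two checks on a plain file and on a symlink inside a granted directory, and the name-only check accepts the link while the resolved check rejects it. The class and method names (`SymlinkScopeCheck`, `impliedByName`, `impliedByRealPath`) and the directory layout are assumptions constructed for the illustration, and it assumes a platform where the process may create symbolic links.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;

public class SymlinkScopeCheck {
    // Name-only check: normalizes "." and ".." lexically and never
    // consults the file system, as in the proposal quoted above.
    static boolean impliedByName(Path grantedDir, Path requested) {
        return requested.toAbsolutePath().normalize()
                .startsWith(grantedDir.toAbsolutePath().normalize());
    }

    // Resolved check: follows symlinks on both sides before comparing,
    // so a link that leaves the granted directory is rejected.
    static boolean impliedByRealPath(Path grantedDir, Path requested) throws IOException {
        return requested.toRealPath().startsWith(grantedDir.toRealPath());
    }

    public static void main(String[] args) throws IOException {
        // Constructed layout: "granted" stands for the read/write temp directory,
        // "outside" for any other location the OS lets the process read.
        Path root = Files.createTempDirectory("fp-demo");
        Path granted = Files.createDirectory(root.resolve("granted"));
        Path outside = Files.createDirectory(root.resolve("outside"));
        Path target = Files.write(outside.resolve("data.txt"),
                "not covered by the grant".getBytes());
        Path plain = Files.write(granted.resolve("scratch.txt"), "ok".getBytes());
        Path link = Files.createSymbolicLink(granted.resolve("link.txt"), target);

        // Report both decisions for the ordinary file and for the symlink.
        for (Path p : new Path[] {plain, link}) {
            System.out.printf("%-12s name-only=%-5b real-path=%-5b%n",
                    p.getFileName(), impliedByName(granted, p),
                    impliedByRealPath(granted, p));
        }
    }
}
```

A resolved-path check of this kind is still a check-then-use sequence, so the path can change between the check and the open; it narrows the gap rather than closing it.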
More information about the core-libs-dev
mailing list