FilePermission Canonical path optimization
Wang Weijun
weijun.wang at oracle.com
Mon Feb 9 06:44:09 UTC 2015
> On Feb 9, 2015, at 13:27, deven you <ydwchina at gmail.com> wrote:
>
> Hi Weijun,
>
> From my understanding, the new proposal will let the implies method depend only on the absolute path in the policy file, correct? So it's the user's responsibility to ensure the files they want to access are relative to the absolute path in some policy file?

No, you can still add a FilePermission on a relative path, and then it only allows you to access the file with a relative path.

For example, if the current working directory is /home/me, and the policy file has

FilePermission doc/-, read;

you can only call new FileInputStream("doc/a.txt"); you cannot call new FileInputStream("/home/me/doc/a.txt"), because without consulting the file system (i.e. canonicalizing the path), there is no way to find out that /home/me/doc/a.txt is inside doc.

On the other hand, if the policy file has

FilePermission /etc/passwd, read;

you cannot call new FileInputStream("../../etc/passwd"), although we think nobody will try that.
>
> I personally agree with this proposal. Is there any doc or link for this new proposal? Or if you can update the information for this proposal here, I would appreciate it very much!
Not yet. This is just an experiment, and given the incompatibility, we are still evaluating if it is doable. As I said in my previous mail, we don't want anyone to rewrite his/her apps, and we hope it's easy to modify policy files.
Actually, since this makes FilePermission simpler, there won't be a long doc.
Thanks
Max
>
> Thanks a lot!
>
> 2015-02-09 11:51 GMT+08:00 Wang Weijun <weijun.wang at oracle.com>:
>
> > On Feb 9, 2015, at 11:22, deven you <ydwchina at gmail.com> wrote:
> >
> > Hi Weijun,
> >
> > I see JDK-4141872 is marked as Not an Issue. Is there any further task continuing, or is there any other link to track this problem of removing the canonical path?
>
> It was marked as Not an Issue, but we are reconsidering it.
>
> >
> > It's a big improvement if the canonical path can be totally removed, but I can't figure out how we get the result of the implies* methods without the canonical path. Any more detail?
>
> The current proposed idea is that if you want to access a file using absolute path, you should add a FilePermission line in the policy file with an absolute path. If relative, relative. The overall idea is that the implies method should be implemented without consulting the actual file system but only by looking at the names themselves.
>
> That's why I said there is a very big incompatible change. We hope people only need to modify their policy files and do not need to rewrite their apps, but we are still investigating if this can always be true.
>
> Thanks
> Max
>
> >
> > Thanks a lot!
>
>
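
Added illustration (not part of the original mail and not JDK code): a simplified model of the name-only implies check described above, where a grant and a request are compared as strings and the file system is never consulted. The class and method names are hypothetical, Unix-style paths are assumed, and only exact names, "dir/*" and "dir/-" are handled. The first, second and fourth calls in main are the cases from the mail; the last one goes slightly beyond it and shows that lexical normalization alone keeps "doc/../secret.txt" outside a grant on doc/-.

```java
import java.nio.file.Path;
import java.nio.file.Paths;

// Added illustration, not JDK code: a simplified model of a name-only implies().
// Assumes Unix-style paths and handles only exact names, "dir/*" and "dir/-".
public class NameOnlyImplies {

    // Hypothetical helper: does the policy path `granted` cover `requested`,
    // judged from the two strings alone (no file system access)?
    static boolean implies(String granted, String requested) {
        boolean recursive = granted.endsWith("/-");
        boolean children = granted.endsWith("/*");
        String base = (recursive || children)
                ? granted.substring(0, granted.length() - 2) : granted;
        if (base.isEmpty()) base = "/";   // "/-" and "/*" are rooted at "/"

        // normalize() is purely lexical: it folds "." and "name/.." but never
        // resolves symlinks or the working directory.
        Path g = Paths.get(base).normalize();
        Path r = Paths.get(requested).normalize();

        // Absolute grants match only absolute requests, relative only relative.
        if (g.isAbsolute() != r.isAbsolute()) return false;

        if (recursive) return r.startsWith(g) && !r.equals(g);
        if (children)  return g.equals(r.getParent());
        return r.equals(g);
    }

    static void check(String granted, String requested) {
        System.out.printf("%-12s implies %-22s : %b%n",
                granted, requested, implies(granted, requested));
    }

    public static void main(String[] args) {
        check("doc/-", "doc/a.txt");
        check("doc/-", "/home/me/doc/a.txt");
        check("/etc/passwd", "/etc/passwd");
        check("/etc/passwd", "../../etc/passwd");
        check("doc/-", "doc/../secret.txt");
    }
}
```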