RFR 8213031: (zipfs) Add support for POSIX file permissions

Mon Nov 5 15:59:29 UTC 2018

On 05/11/2018 13:05, Langer, Christoph wrote:
>
> Hi Alan, all,
>
> I’d welcome a discussion, for sure. Unfortunately there hasn’t been so 
> much participation in this yet. I think this is an item where it’s 
> hard to have a clear opinion and where it’s difficult to oversee all 
> implications it might have.
>
> Who’d be willing to have a look from security perspective?
>
I think you'll need to do a write-up of the overall proposal so that 
folks can jump in and point out the implications. It's not easy to do 
this in a code review of a small piece of the solution. I suspect that 
security-dev will be interested in the details for signed JARs as I 
don't think the current proposal prevents tampering of the file permissions.

-Alan.