RFR - CSR: 8213082: (zipfs) Add support for POSIX file permissions (was: Re: RFR 8213031: (zipfs) Add support for POSIX file permissions)
Alan Bateman
Alan.Bateman at oracle.com
Wed Jan 2 11:45:15 UTC 2019
On 21/12/2018 13:43, Langer, Christoph wrote:
> Hi Alan,
>
>> Adding support for POSIX file permissions to the zip APIs is problematic
>> as we've been discussing here. There are security concerns and also
>> concerns that how it interacts with JAR files and signed JAR in
>> particular. I don't disagree that we can come to agreement on zipfs
>> supporting a solution but I think we need to get the bigger picture on
>> where this is going first. If the piece to change the java.util.zip APIs
>> is dropped then it would make these discussions a lot simpler as it
>> removes most of the security issues from the table.
> Yes, please consider changes to java.util.zip APIs as dropped. At least for the moment. I'm not saying I won't ever get back to that topic but maybe an enhancement of jdk.zipfs is already sufficient to provide the required Posix permission support for the Java platform.
>
I've looked at the updated CSR. It would be good to include the spec
changes, meaning the javadoc update to jdk.zipfs/module-info.java where
it will document that it supports PosixFileAttributeView. I suspect
there is also a discussion point around owner/group as I can't tell from
the CSR if the UNIX extra fields are being used to encode the uid/gid
(the original spec did not envisage supporting PosixFileAttributeView
without also supporting file ownership).
-Alan
More information about the core-libs-dev
mailing list