RFR: 8337408: Use GetTempPath2 API instead of GetTempPath [v2]

Kevin Walls kevinw at openjdk.org
Wed Sep 11 08:51:17 UTC 2024


On Thu, 15 Aug 2024 20:28:28 GMT, Dhamoder Nalla <dhanalla at openjdk.org> wrote:

>> Use the GetTempPath2 APIs instead of the GetTempPath APIs in native code across the OpenJDK repository to retrieve the temporary directory path, as GetTempPath2 provides enhanced security. While GetTempPath may still function without errors, using GetTempPath2 reduces the risk of potential exploits for users.
>> 
>> 
>> The code to dynamically load GetTempPath2 is duplicated due to the following reasons.  I would appreciate any suggestions to remove the duplication where possible:
>> 
>> 1. The changes span across four different folders—java.base, jdk.package, jdk.attach, and hotspot—with no shared code between them.
>> 2. Some parts of the code use version A, while others use version W (ANSI vs. Unicode).
>> 3. Some parts of the code are written in C others in C++.
>
> Dhamoder Nalla has updated the pull request incrementally with one additional commit since the last revision:
> 
>   fix missing code

OK thanks, so the change only affects SYSTEM accounts, and such accounts already see a different temp path to non-SYSTEM accounts.

Newer and older Java versions run by a SYSTEM account will have different temp paths, therefore the hsperfdata_username will be in a different place.

(I was being picky about attach, but it's a universal thing which is expected to work across different Java versions.)

Do we have any apps commonly run as a Windows SYSTEM account which expect to attach to other Java apps run by a different Java version?  You're suggesting that will have no impact and agreed it would seem really unusual. 8-)

-------------

PR Comment: https://git.openjdk.org/jdk/pull/20600#issuecomment-2343034670


More information about the core-libs-dev mailing list