Utility "jar" changes file permissions
Guillaume ALAUX
guillaume at archlinux.org
Mon May 20 05:42:02 PDT 2013
On 20 May 2013 13:02, Jiri Vanek <jvanek at redhat.com> wrote:
> On 05/20/2013 12:33 PM, Guillaume ALAUX wrote:
>>
>> Hello,
>>
>> When building OpenJDK 7u21 with Icedtea 2.3.9 (for Arch Linux) the
>> following jar file gets wrong file permissions (not "go" readable):
>>
>> % ls -Ahl /usr/lib/jvm/java-7-openjdk/lib/sa-jdi.jar
>> -rw------- 1 root root 2.5M May 15 08:33
>> /usr/lib/jvm/java-7-openjdk/lib/sa-jdi.jar
>>
>> I found the "jar" utility has already had such an issue, as reported here [0]
>> [1].
>>
>> I can reproduce the wrong behavior explained in Sun's bug report [1]:
>>
>> % touch newjar.jar
>> % echo New >> newManifest
>> % echo OneMore >> oneMoreManifest
>>
>> % jar -cfM0 newjar.jar newManifest
>>
>> % ls -l newjar.jar
>> -rw-r--r-- 1 guillaume users 132 May 20 12:18 newjar.jar
>>
>> % jar uf newjar.jar oneMoreManifest
>>
>> % ls -l newjar.jar
>> -rw------- 1 guillaume users 264 May 20 12:20 newjar.jar
>>
>> There is a unit test called UpdateJar.java in OpenJDK for that.
>>
>> Is it worth opening a bug report?
>>
>> [0] https://bugzilla.redhat.com/show_bug.cgi?id=855977
>> [1] http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=7175845
>>
>> Thanks!
>>
>> --
>> Guillaume
>>
>
> Hi!
>
> One of the recent (half a year ago?) security hardening patches changed the API
> for temporary files to have just -rw------- permissions. A side effect of this
> is that when you update a jar (jar -uf), it is passed through a tmp file and so
> the permissions are restricted to -rw------- ... So from that point of view this
> is correct behaviour. On the other hand, this is worthy of an upstream (Oracle)
> bug, as the result of jar -u should have the same permissions as the original had.
>
> The reason that one of the JDK's jars has these permissions is that the JDK
> compiles and jars itself. So if there is an update of a jar somewhere, then it is
> changed to -rw------- ... Last time this was reported for java-access-bridge.jar
> and fixed in the spec file by a plain "chmod".
>
> We can fix this in IcedTea, but it will be just a temporary workaround.
>
> Hope this helped.
> J.

Actually, a "bare" JDK downloaded from [0] does not show the issue:

% ls -l newjar.jar
-rw-r--r-- 1 guillaume users 0 May 20 14:08 newjar.jar

% ../jdk1.7.0_21/bin/jar -cfM0 newjar.jar newManifest

% ls -l newjar.jar
-rw-r--r-- 1 guillaume users 132 May 20 14:08 newjar.jar

% ../jdk1.7.0_21/bin/jar uf newjar.jar oneMoreManifest

% ls -l newjar.jar
-rw-r--r-- 1 guillaume users 264 May 20 14:08 newjar.jar

So I guess it could be due to IcedTea. Does IcedTea patch the "jar" utility?

[0] http://www.oracle.com/technetwork/java/javase/downloads/jdk7-downloads-1880260.html
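
The mechanism described in the quoted reply (an update that passes through a temporary file leaves the result at -rw-------) can be reproduced in plain shell. This is an added example, not part of the original message and not code from OpenJDK or IcedTea; the function names are hypothetical, and `mktemp` stands in for the temporary file the jar tool creates.

```shell
#!/usr/bin/env bash
# Constructed demonstration; all function names are hypothetical.

# Octal permission bits of a file (GNU stat first, BSD stat as fallback).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Update through a temp file, then rename over the target. mktemp creates
# the file 0600 and the rename keeps that mode, so the target ends up 0600.
update_naive() {
    local target="$1" extra="$2" tmp
    tmp=$(mktemp "$(dirname "$target")/jartmp.XXXXXX") || return 1
    cat "$target" "$extra" > "$tmp" && mv -f "$tmp" "$target" && return 0
    rm -f "$tmp"; return 1
}

# Same update, but the original's mode is copied onto the temp file
# before the rename, so the result keeps the permissions it had.
update_preserving() {
    local target="$1" extra="$2" tmp mode
    mode=$(mode_of "$target") || return 1
    tmp=$(mktemp "$(dirname "$target")/jartmp.XXXXXX") || return 1
    cat "$target" "$extra" > "$tmp" && chmod "$mode" "$tmp" \
        && mv -f "$tmp" "$target" && return 0
    rm -f "$tmp"; return 1
}

# Post-build check: list jars under a tree that lack group or other read.
list_restricted_jars() {
    find "$1" -type f -name '*.jar' ! -perm -044
}

# Run both variants on 0644 files in a scratch directory and print
# "<mode after naive update> <mode after preserving update>".
demo() {
    local dir
    dir=$(mktemp -d) || return 1
    printf 'New\n' > "$dir/a.jar"
    printf 'New\n' > "$dir/b.jar"
    printf 'OneMore\n' > "$dir/extra"
    chmod 644 "$dir/a.jar" "$dir/b.jar"
    update_naive "$dir/a.jar" "$dir/extra"
    update_preserving "$dir/b.jar" "$dir/extra"
    echo "$(mode_of "$dir/a.jar") $(mode_of "$dir/b.jar")"
    rm -rf "$dir"
}
```

Calling `demo` prints the two resulting modes; `list_restricted_jars` can be pointed at an installed JDK tree in a package build to catch jars that need the "chmod" workaround mentioned in the reply.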
More information about the distro-pkg-dev
mailing list