Utility "jar" changes file permissions
Guillaume ALAUX
guillaume at archlinux.org
Mon May 20 06:04:47 PDT 2013
On 20 May 2013 14:49, Jiri Vanek <jvanek at redhat.com> wrote:
> On 05/20/2013 02:42 PM, Guillaume ALAUX wrote:
>>
>> On 20 May 2013 13:02, Jiri Vanek <jvanek at redhat.com> wrote:
>>>
>>> On 05/20/2013 12:33 PM, Guillaume ALAUX wrote:
>>>>
>>>>
>>>> Hello,
>>>>
>>>> When building OpenJDK 7u21 with Icedtea 2.3.9 (for Arch Linux) the
>>>> following jar file gets wrong file permissions (not "go" readable):
>>>>
>>>> % ls -Ahl /usr/lib/jvm/java-7-openjdk/lib/sa-jdi.jar
>>>> -rw------- 1 root root 2.5M May 15 08:33 /usr/lib/jvm/java-7-openjdk/lib/sa-jdi.jar
>>>>
>>>> I found the "jar" utility has already had such an issue, as reported here
>>>> [0] [1].
>>>>
>>>> I can reproduce the wrong behavior explained in Sun's bug report [1]:
>>>>
>>>> % touch newjar.jar
>>>> % echo New >> newManifest
>>>> % echo OneMore >> oneMoreManifest
>>>>
>>>> % jar -cfM0 newjar.jar newManifest
>>>>
>>>> % ls -l newjar.jar
>>>> -rw-r--r-- 1 guillaume users 132 May 20 12:18 newjar.jar
>>>>
>>>> % jar uf newjar.jar oneMoreManifest
>>>>
>>>> % ls -l newjar.jar
>>>> -rw------- 1 guillaume users 264 May 20 12:20 newjar.jar
>>>>
>>>> There is a unit test called UpdateJar.java in OpenJDK for that.
>>>>
>>>> Is it worth opening a bug report?
>>>>
>>>> [0] https://bugzilla.redhat.com/show_bug.cgi?id=855977
>>>> [1] http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=7175845
>>>>
>>>> Thanks!
>>>>
>>>> --
>>>> Guillaume
>>>>
>>>
>>> Hi!
>>>
>>> One of the recent (half a year ago?) security hardening patches changed the
>>> API for temporary files to have just -rw------- permissions. A side effect of
>>> this is that when you update a jar (jar -uf), it is passed through a tmp file
>>> and so the permissions are restricted to -rw------- ... So from that point of
>>> view this is correct behaviour. On the other hand, this is worthy of an
>>> upstream (Oracle) bug, as the result of jar -u should have the same
>>> permissions as the original had.
>>>
>>> The reason one of the JDK's jars has these permissions is that the JDK
>>> compiles and jars itself. So if there is an update of a jar somewhere, then it
>>> is changed to -rw------- ... Last time this was reported for
>>> java-access-bridge.jar and fixed in the spec file by a plain "chmod".
>>>
>>> We can fix this in IcedTea, but it will be just a temporary workaround.
>>>
>>> Hope this helped.
>>> J.
>>
>>
>> Actually, a "bare" JDK downloaded from [0] does not show the issue:
>>
>> % ls -l newjar.jar
>> -rw-r--r-- 1 guillaume users 0 May 20 14:08 newjar.jar
>>
>> % ../jdk1.7.0_21/bin/jar -cfM0 newjar.jar newManifest
>>
>> % ls -l newjar.jar
>> -rw-r--r-- 1 guillaume users 132 May 20 14:08 newjar.jar
>>
>> % ../jdk1.7.0_21/bin/jar uf newjar.jar oneMoreManifest
>>
>> % ls -l newjar.jar
>> -rw-r--r-- 1 guillaume users 264 May 20 14:08 newjar.jar
>>
>> So I guess it could be due to IcedTea. Does IcedTea patch the "jar"
>> utility?
>>
>> [0]
>> http://www.oracle.com/technetwork/java/javase/downloads/jdk7-downloads-1880260.html
>>
>
> I'm afraid that it is quite common that fixes from OpenJDK bubble to the
> proprietary JDK quite smoothly, but in the opposite direction only the crucial
> fixes are delivered :(
>
> So it is possible that they have already fixed this in it.
>
> J.
OK, I will chmod the jar for now and keep an eye on it for next releases.
Thank you!
--
Guillaume
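
Added example (not part of the original thread, and not IcedTea or OpenJDK code): a shell sketch of the mechanism described above, where an update written to a 0600 temporary file and renamed over the target drops the original mode, next to a variant that restores the mode and a packaging check for jars that are not world-readable. It does not call the real jar tool; the function names and the mktemp-plus-mv stand-in for "jar uf" are assumptions, and all files are constructed.

```shell
#!/bin/sh
# Added example: constructed files only; does not call the real jar tool.

# Print the octal permission bits of a file (GNU stat, then BSD stat).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Simulated "update": write the new content to a mktemp file (created 0600)
# and rename it over the target, as described for "jar uf" in the thread.
update_via_tmp() {
    target=$1; extra=$2
    tmp=$(mktemp "$(dirname "$target")/upd.XXXXXX") || return 1
    cat "$target" > "$tmp" && printf '%s\n' "$extra" >> "$tmp" || { rm -f "$tmp"; return 1; }
    mv -f "$tmp" "$target"
}

# Same update, but record the original mode first and restore it afterwards.
update_preserving_mode() {
    target=$1; extra=$2
    orig=$(mode_of "$target") || return 1
    update_via_tmp "$target" "$extra" || return 1
    chmod "$orig" "$target"
}

# Packaging check: list jars under a directory that are not world-readable.
unreadable_jars() {
    find "$1" -type f -name '*.jar' ! -perm -004 -print
}

demo() {
    dir=$(mktemp -d) || return 1
    printf 'New\n' > "$dir/a.jar"; chmod 644 "$dir/a.jar"
    printf 'New\n' > "$dir/b.jar"; chmod 644 "$dir/b.jar"
    update_via_tmp "$dir/a.jar" OneMore
    update_preserving_mode "$dir/b.jar" OneMore
    echo "a.jar: $(mode_of "$dir/a.jar")  b.jar: $(mode_of "$dir/b.jar")"
    unreadable_jars "$dir"
    rm -rf "$dir"
}
demo
```

Running unreadable_jars over the installed JVM directory at the end of a package build catches a jar such as sa-jdi.jar before it ships with owner-only permissions.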