[rfc] hs_err log in temp readable for all
Jiri Vanek
jvanek at redhat.com
Wed May 21 14:48:21 UTC 2014
ping?
On 05/19/2014 03:21 PM, Jiri Vanek wrote:
> Hi!
>
> I run a JVM in a read-only directory on a shared server and from time to time it fails. However, I noted that hs_logs, which then go to the TMP directory, are readable by all.
> It may contain private information, and I think that this file should be readable only by its owner.
>
> Attached webrevs fix it:
> for all hs_err logs - http://jvanek.fedorapeople.org/oracle/jdk9/stricter_permissions/minimal/1/webrev/
> for hs_log in tmp only - http://jvanek.fedorapeople.org/oracle/jdk9/stricter_permissions/better/1/webrev/
>
> If I am even more paranoid, then I think that the hs_err{pid} name is predictable, and can point to a pre-created pipe. Maybe this 0600 file should be placed in a 0700 directory with salt in the name. Or add the salt to the file itself (when created in tmp).
>
> I will be happy to adapt the patch for your needs.
>
> Best regards,
> J.
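
The two hardening steps proposed in the message above (an owner-only 0600 log, and a 0700 directory with a random suffix so a predictable name cannot resolve to a pre-created pipe) can be sketched with plain POSIX calls. This is an added example, not code from the webrevs or from HotSpot; the helper names `create_private_file` and `open_private_crash_log` and the `hs_err_XXXXXX` directory template are assumptions.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper: create `path` as a new regular file, mode 0600.
 * O_EXCL makes open() fail if the name already exists (file, symlink or
 * pre-created FIFO), so we never write into an object someone else made. */
int create_private_file(const char *path)
{
    struct stat st;
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
    if (fd < 0)
        return -1;
    /* Verify what we got, and force 0600 regardless of the umask. */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) ||
        st.st_uid != geteuid() || fchmod(fd, 0600) != 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Hypothetical helper: put the log in a fresh 0700 directory whose name
 * ends in a random suffix (mkdtemp), i.e. the "salt" from the message. */
int open_private_crash_log(const char *tmpdir, long pid, char *out, size_t n)
{
    char dir[1024];
    if (snprintf(dir, sizeof dir, "%s/hs_err_XXXXXX", tmpdir) >= (int)sizeof dir)
        return -1;
    if (mkdtemp(dir) == NULL)   /* atomic create, mode 0700 */
        return -1;
    if (snprintf(out, n, "%s/hs_err_pid%ld.log", dir, pid) >= (int)n)
        return -1;
    return create_private_file(out);
}

int main(void)
{
    char path[2048];
    int fd = open_private_crash_log("/tmp", (long)getpid(), path, sizeof path);
    if (fd < 0) { perror("open_private_crash_log"); return 1; }
    printf("crash log: %s\n", path);
    close(fd);
    return 0;
}
```

With `O_CREAT | O_EXCL`, opening a name that is already a FIFO returns immediately with an error instead of blocking on the pipe, so the writer can fall back to another location.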