[rfc] hs_err log in temp readable for all

Jiri Vanek jvanek at redhat.com
Wed May 21 14:48:21 UTC 2014


ping?

On 05/19/2014 03:21 PM, Jiri Vanek wrote:
> Hi!
>
> I run JVM in read only directory in shared server and form time to time it fails. However, I noted that hs_logs which then go to TMP direcotry, are readable to all.
> It may contains private information, and I think that this file should be readable only to its owner.
>
> Attached webrevs fixes it:
> for all hs_err logs - http://jvanek.fedorapeople.org/oracle/jdk9/stricter_permissions/minimal/1/webrev/
> for hs_log in tmp only - http://jvanek.fedorapeople.org/oracle/jdk9/stricter_permissions/better/1/webrev/
>
> If I will be even more paranoid, then i think that hs_err{pid} name is predictable, and can point to pre-created pipe. Maybe this 0600 file should be placed in 0700 directory with salt in name. Or add the salt to file itself (when created in tmp)
>
> I will be happy to adapt the patch for your needs.
>
>   Best regards,
>    J.



More information about the hotspot-dev mailing list