8028270: Files.readSymbolicLink calls AccessController directly so security manager can't grant the permission
Martin Buchholz
martinrb at google.com
Wed Nov 13 08:01:31 PST 2013
If you compare with the analogous code in createSymbolicLink, one would
expect in addition a call to link.checkRead, since this is "reading the
contents of a file". Users expect their security manager's checkRead
method to be called here.
On Wed, Nov 13, 2013 at 4:38 AM, Alan Bateman <Alan.Bateman at oracle.com>wrote:
>
> This is a follow-up to Martin's mail of yesterday where he pointed out
> that the implementations of readSymbolicLink are doing the permission check
> by calling AccessController.checkPermission directly. The bug means the
> security manager doesn't get a chance to grant the permission.
>
> Here's the webrev to fix this (and also expand the CheckPermissions test
> to cover this case, the lack of the a test case is how this one slipped
> through).
>
> http://cr.openjdk.java.net/~alanb/8028270/webrev/
>
> -Alan.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.openjdk.java.net/pipermail/nio-dev/attachments/20131113/04ef63ee/attachment.html
More information about the nio-dev
mailing list