RFR: 8308678: (fs) UnixPath::toRealPath needs additional permissions when running with SM (macOS) [v4]
Alan Bateman
alanb at openjdk.org
Sat May 27 07:57:55 UTC 2023
On Fri, 26 May 2023 16:24:08 GMT, Brian Burkhalter <bpb at openjdk.org> wrote:
>> When not resolving links and the case retention algorithm cannot be run due to a security manager being in place with no read permissions for the tree to be traversed, then fall back to the result obtained without case correction.
>
> Brian Burkhalter has updated the pull request incrementally with one additional commit since the last revision:
>
> 8308678: Change UnixPath::canRead to an instance method
The SM permission issue isn't limited to the root directory as each call to provider.newDirectoryStream will do a permission check too. I think it is wrong for the implementation to ignore the security exceptions as it creates a correctness issue: run it with and without a SM set and you might get different results on macOS.
I think the question for this issue is whether it should fail with a security exception (would require a spec change) or whether it should work like toRealPath() and only require SM permissions to read the file and read the user.dir property. Consistent with the "follow link" case seems better, in which case, the code to traverse from the root down should move to a separate method and be called in a doPrivileged block. The SM permission checks that are specified by the method are already done at the top of the method.
-------------
PR Comment: https://git.openjdk.org/jdk/pull/14157#issuecomment-1565259821
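The structure Alan describes in the reply above, sketched as an added illustration in the public NIO API. This is not the JDK's UnixPath implementation and not code from the PR; the class and method names (`CaseCorrectingResolver`, `resolveCase`, `correctCase`) are invented. The specified security-manager checks stay at the top of the public method, and the root-down traversal, which calls `newDirectoryStream` on every ancestor, is moved to a separate method run under `doPrivileged`, so the result no longer depends on whether a SM is set and the caller only needs read permission on the target itself (plus `user.dir`, via `toAbsolutePath`).

```java
import java.io.IOException;
import java.nio.file.DirectoryStream;
import java.nio.file.Files;
import java.nio.file.NoSuchFileException;
import java.nio.file.Path;
import java.security.AccessController;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;

/**
 * Illustrative sketch, not JDK code. The security-manager checks the method
 * specifies are performed up front; the ancestor traversal runs with the
 * privileges of this class's protection domain rather than the caller's.
 * Links are not resolved, matching the "no follow links" case under discussion.
 */
@SuppressWarnings("removal") // SecurityManager / AccessController are deprecated for removal
public final class CaseCorrectingResolver {

    private CaseCorrectingResolver() { }

    public static Path resolveCase(Path path) throws IOException {
        // toAbsolutePath may itself check read access to "user.dir" under a SM;
        // that check is part of the method's specified behaviour, so it stays here.
        Path abs = path.toAbsolutePath().normalize();

        SecurityManager sm = System.getSecurityManager();
        if (sm != null) {
            sm.checkRead(abs.toString()); // the only file check the caller must satisfy
        }
        if (!Files.exists(abs)) {
            throw new NoSuchFileException(abs.toString());
        }
        try {
            // Internal work under doPrivileged: newDirectoryStream on each ancestor
            // no longer throws SecurityException for a caller lacking read permission
            // on the tree, so the SM and no-SM runs return the same path.
            return AccessController.doPrivileged(
                    (PrivilegedExceptionAction<Path>) () -> correctCase(abs));
        } catch (PrivilegedActionException e) {
            Throwable cause = e.getException();
            if (cause instanceof IOException ioe) {
                throw ioe;
            }
            throw new IOException(cause);
        }
    }

    // Walk from the root down, replacing each element with the name the directory
    // listing actually reports; on a case-insensitive file system (the macOS
    // default) the two differ only in case.
    private static Path correctCase(Path abs) throws IOException {
        Path result = abs.getRoot();
        for (Path element : abs) {
            String wanted = element.toString();
            Path corrected = element;
            try (DirectoryStream<Path> ds = Files.newDirectoryStream(result)) {
                for (Path entry : ds) {
                    Path fileName = entry.getFileName();
                    if (fileName != null && fileName.toString().equalsIgnoreCase(wanted)) {
                        corrected = fileName;
                        break;
                    }
                }
            }
            result = result.resolve(corrected);
        }
        return result;
    }
}
```

The point of the split is that the permission surface the caller sees is exactly what the method specifies (read on the target, read on `user.dir`), while the implementation detail of how the case-retained name is discovered is not exposed as an additional permission requirement or silently skipped.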