RFR 8164705: Remove pathname canonicalization from FilePermission

Weijun Wang weijun.wang at oracle.com
Thu Aug 25 03:55:10 UTC 2016


Hi All

Please take a look at

    http://cr.openjdk.java.net/~weijun/8164705/webrev.00

From the beginning of JDK, FilePermission canonicalizes the input path 
and uses the result in implies() and equals(). This has been a big 
performance hit and leads to confusing results when symlinks are involved.

The code change above removes the canonicalization.

This means FilePermission on "/the/current/working/directory/x" no 
longer implies that on "x". Since this might bring quite some 
compatibility risk, the code change includes some tweaks in permission 
checking to make sure an app is still able to read "x" when the 
FilePermission granted is on "/the/current/working/directory/x". 
However, we still hope the policy will be updated to be consistent with how 
a file is actually accessed.

No tweak is devoted to making a grant on "/this/is/a/symlink" imply 
reading of "/the/actual/target/file", because we think it should not.

This is quite a big behavior change. If it breaks your app/lib, or does 
not work with your customized security manager or policy implementation, 
please let us know.

Feel free to provide any feedback.

Finally, a new system property "jdk.filepermission.canonicalize" is 
introduced and it can be "true", "false", or "compat". The out-of-box 
default is "compat", which means no canonicalization with check tweaks.

Thanks
Max
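The two cases the message describes (an absolute path under the current working directory versus the bare relative name, and a symlink versus its target) can be probed directly on whatever JDK you run. The program below is an added example, not code from the webrev or the JDK; it constructs FilePermission objects for both spellings of each file and asks implies() in both directions, so you can see for yourself whether the running JDK canonicalizes. It exercises FilePermission.implies() only, not the permission-check tweaks the message mentions, so it says nothing about the "compat" behaviour. The system property it prints is the name given in the message; the class name, the temp-directory layout and the file names "x", "target" and "link" are assumptions made for the example.

```java
import java.io.File;
import java.io.FilePermission;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;

/**
 * Added example (not part of the proposal or the JDK): probes how
 * FilePermission.implies() on the running JDK treats an absolute path
 * versus the relative name of the same file, and a symlink versus its
 * target. With canonicalization, both pairs compare equal; without it,
 * they are plain string-like comparisons and imply nothing about each
 * other.
 */
public class FilePermissionProbe {

    /** True if a "read" grant on {@code granted} implies reading {@code requested}. */
    static boolean impliesRead(String granted, String requested) {
        return new FilePermission(granted, "read")
                .implies(new FilePermission(requested, "read"));
    }

    /** Absolute-under-cwd vs. relative name. The file need not exist. */
    static boolean absoluteImpliesRelative(String relativeName) {
        String abs = new File(System.getProperty("user.dir"), relativeName).getPath();
        return impliesRead(abs, relativeName);
    }

    static boolean relativeImpliesAbsolute(String relativeName) {
        String abs = new File(System.getProperty("user.dir"), relativeName).getPath();
        return impliesRead(relativeName, abs);
    }

    /**
     * Symlink vs. target, created in a fresh temp directory and removed
     * afterwards. Returns null when the platform refuses to create the
     * link (e.g. unprivileged Windows), so the caller can report "skipped".
     */
    static Boolean symlinkImpliesTarget() throws IOException {
        Path dir = Files.createTempDirectory("fperm-probe");  // assumed layout
        Path target = dir.resolve("target");
        Path link = dir.resolve("link");
        try {
            Files.createFile(target);
            Files.createSymbolicLink(link, target);
            return impliesRead(link.toString(), target.toString());
        } catch (UnsupportedOperationException | IOException e) {
            return null;
        } finally {
            Files.deleteIfExists(link);
            Files.deleteIfExists(target);
            Files.deleteIfExists(dir);
        }
    }

    public static void main(String[] args) throws IOException {
        // Property name as given in the proposal; unset on JDKs that do not know it.
        System.out.println("jdk.filepermission.canonicalize = "
                + System.getProperty("jdk.filepermission.canonicalize", "<unset>"));
        System.out.println("java.version = " + System.getProperty("java.version"));

        System.out.println("/cwd/x implies x : " + absoluteImpliesRelative("x"));
        System.out.println("x implies /cwd/x : " + relativeImpliesAbsolute("x"));

        Boolean symlink = symlinkImpliesTarget();
        System.out.println("symlink implies target : "
                + (symlink == null ? "skipped (cannot create symlink here)" : symlink));
    }
}
```

Run it once on a JDK that canonicalizes and once on one that does not: the first two lines flip from true to false, and the symlink line does the same, which is exactly the behaviour change the message warns about. Because the probe calls implies() on the permission objects directly, a "true" from a policy-driven check on the newer JDK would come from the permission-check tweaks, not from implies().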
