RFR - CSR: 8213082: (zipfs) Add support for POSIX file permissions (was: Re: RFR 8213031: (zipfs) Add support for POSIX file permissions)
Langer, Christoph
christoph.langer at sap.com
Fri Dec 21 13:43:13 UTC 2018
Hi Alan,
> Adding support for POSIX file permissions to the zip APIs is problematic
> as we've been discussing here. There are security concerns and also
> concerns that how it interacts with JAR files and signed JAR in
> particular. I don't disagree that we can come to agreement on zipfs
> supporting a solution but I think we need to get the bigger picture on
> where this is going first. If the piece to change the java.util.zip APIs
> is dropped then it would make these discussions a lot simpler as it
> removes most of the security issues from the table.
Yes, please consider changes to java.util.zip APIs as dropped. At least for the moment. I'm not saying I won't ever get back to that topic but maybe an enhancement of jdk.zipfs is already sufficient to provide the required Posix permission support for the Java platform.
Best regards
Christoph
More information about the security-dev
mailing list