RFR: 8352728: InternalError loading java.security due to Windows parent folder permissions [v14]

Weijun Wang weijun at openjdk.org
Wed Dec 10 17:54:04 UTC 2025 

On Wed, 10 Dec 2025 15:59:57 GMT, Francisco Ferrari Bihurriet <fferrari at openjdk.org> wrote:

>> The problem with [`Path::normalize`](https://docs.oracle.com/en/java/javase/25/docs/api/java.base/java/nio/file/Path.html#normalize()) is the following one:
>>> Eliminating ".." and a preceding name from a path may result in the path that locates a different file than the original path. This can arise when the preceding name is a symbolic link.
>> 
>> This can be demonstrated with the following files structure:
>> 
>> 
>> /tmp/a
>> └── /tmp/a/b -> /tmp/x/y
>> /tmp/x
>> ├── /tmp/x/f2        (name=value)
>> └── /tmp/x/y
>>     └── /tmp/x/y/f1  (include ../f2)
>> 
>> 
>> Which can be created with:
>> 
>> 
>> mkdir -p /tmp/x/y /tmp/a
>> echo 'include ../f2' >/tmp/x/y/f1
>> echo 'name=value' >/tmp/x/f2
>> ln -s /tmp/x/y /tmp/a/b
>> 
>> 
>> Now let's assume we are processing `/tmp/a/b/f1`, `include ../f2` is computed as `included`:
>> 
>> 
>> jshell -<<'EOF'
>> Path current = Path.of("/tmp/a/b/f1");
>> Path included = current.resolveSibling("../f2");
>> System.out.println("                                      included: " +
>>         included);
>> System.out.println("                         included.toRealPath(): " +
>>         included.toRealPath());
>> System.out.println("included.toRealPath(LinkOption.NOFOLLOW_LINKS): " +
>>         included.toRealPath(LinkOption.NOFOLLOW_LINKS));
>> System.out.println("                          included.normalize(): " +
>>         included.normalize());
>> EOF
>> 
>> 
>> Output:
>> 
>> 
>>                                       included: /tmp/a/b/../f2
>>                          included.toRealPath(): /tmp/x/f2
>> included.toRealPath(LinkOption.NOFOLLOW_LINKS): /tmp/a/b/../f2
>>                           included.normalize(): /tmp/a/f2
>> 
>> 
>> But `/tmp/a/f2` doesn't exist:
>> 
>> 
>> user at host:~$ cat /tmp/a/f2
>> cat: /tmp/a/f2: No such file or directory
>> 
>> 
>> To destroy the created directories and files use:
>> 
>> 
>> rm -rf /tmp/x /tmp/a
>
> If you prefer, I can leave the code as it is now, without applying the [suggested change](#discussion_r2594151432).

I'm a little confused. Now that we have agreed to no longer revolving symlinks, `/tmp/a/b/../f2` should indeed be `/tmp/a/f2`. Since it does not exist, we simply fail. Why is this a problem? Did I miss anything?

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/24465#discussion_r2607641780

More information about the security-dev mailing list