RFR (S): 8202650: Enforce group for attach listener file
Martin Buchholz
martinrb at google.com
Sat May 5 14:10:41 UTC 2018
http://man7.org/linux/man-pages/man2/chmod.2.html
*S_ISGID *(02000) set-group-ID (set process effective group ID on
execve(2)
<http://man7.org/linux/man-pages/man2/execve.2.html>; mandatory
locking, as described in
fcntl(2)
<http://man7.org/linux/man-pages/man2/fcntl.2.html>; take a new file's
group from parent
directory, as described in chown(2)
<http://man7.org/linux/man-pages/man2/chown.2.html> and mkdir(2)
<http://man7.org/linux/man-pages/man2/mkdir.2.html>)
http://man7.org/linux/man-pages/man2/mkdir.2.html
The newly created directory will be owned by the effective user ID of
the process. If the directory containing the file has the set-group-
ID bit set, or if the filesystem is mounted with BSD group semantics
(*mount -o bsdgroups* or, synonymously *mount -o grpid*), the new
directory will inherit the group ownership from its parent; otherwise
it will be owned by the effective group ID of the process.
If the parent directory has the set-group-ID bit set, then so will
the newly created directory.
http://pubs.opengroup.org/onlinepubs/9699919799/functions/mkdir.html
The POSIX.1-1990 standard required that the group ID of a newly created
directory be set to the group ID of its parent directory or to the
effective group ID of the creating process. FIPS 151-2 required that
implementations provide a way to have the group ID be set to the group ID
of the containing directory, but did not prohibit implementations also
supporting a way to set the group ID to the effective group ID of the
creating process. Conforming applications should not assume which group ID
will be used. If it matters, an application can use *chown*()
<http://pubs.opengroup.org/onlinepubs/9699919799/functions/chown.html> to
set the group ID after the directory is created, or determine under what
conditions the implementation will set the desired group ID.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.openjdk.java.net/pipermail/serviceability-dev/attachments/20180505/8b7af21a/attachment.html>
More information about the serviceability-dev
mailing list