Regression in itw from Tue Mar 26

Adam Domurad adomurad at redhat.com
Thu Apr 18 09:45:31 PDT 2013


The test seems wrong to me, which needs to be clarified before we can 
properly address if this is a problem. I don't see any case where 
SecurityDesc could have a null file, and this is the code causing the 
difference:

             } else if (signing == true) {
                 this.security = file.getSecurity();
             } else {
                 this.security = new SecurityDesc(file,
                         SecurityDesc.SANDBOX_PERMISSIONS,
                         codebase.getHost());

If it's signing, it carries on the null file, if not, it overwrites with 
its own SecurityDesc. Am I missing something ? What does a null-file 
signify ? Looking at the code-paths that create SecurityDesc's it seems 
like it cannot happen.

There may still be an issue, however it would not have been introduced 
by my code.

Thanks,
-Adam



More information about the distro-pkg-dev mailing list