RFR - CSR: 8213082: (zipfs) Add support for POSIX file permissions (was: Re: RFR 8213031: (zipfs) Add support for POSIX file permissions)

[Alan Bateman]

On 21/12/2018 10:41, Langer, Christoph wrote:
> Hi folks,
>
> getting back to the topic of adding POSIX file permission support to jdk.zipfs... I think as we are now in the early stages of JDK13, it's a good point in time to get some (hopefully final) activity on that one.
>
> In the last review discussions you were asking me to provide some write-up of the proposal.
> Therefore I updated the CSR. It should now be a valid document for discussing the whole proposal, comprising the problem to solve, the proposed solution and its specification as well as addressing some concerns.
>
> And to get it clear: This item is only about jdk.zipfs. It is really independent of potential enhancements for java.util.zip or the jartool. So, I gently ask you to review the CSR.
>
> As for the implementation: I've worked on it together with Volker and will post an update soon.
>
Adding support for POSIX file permissions to the zip APIs is problematic 
as we've been discussing here. There are security concerns and also 
concerns that how it interacts with JAR files and signed JAR in 
particular. I don't disagree that we can come to agreement on zipfs 
supporting a solution but I think we need to get the bigger picture on 
where this is going first. If the piece to change the java.util.zip APIs 
is dropped then it would make these discussions a lot simpler as it 
removes most of the security issues from the table.

-Alan