RFR: 8250968: Symlinks attributes not preserved when using jarsigner on zip files
hai-may.chao at oracle.com
Fri Aug 28 20:08:58 UTC 2020
JarSigner.java #953: The output debug message can be removed from the code.
JavaUtilZipFileAccess.java #44: Change posixPerms to extraAttrs.
ZipFile.java #661: Suggest to keep the comment and update it with the additional 4 bits for symlink.
The rest of code changes and CSR look good.
> On Aug 28, 2020, at 7:17 AM, Seán Coffey <sean.coffey at oracle.com> wrote:
> I've been poking around the zip internals and am now able to locate the 16 bits of interest. The position of these actual bits does appear to move around from one test run to another. For now, I guess it's sufficient to look for the pattern of interest in the signed zip file. New testcase added.
> http://cr.openjdk.java.net/~coffeys/webrev.8250968.v4/webrev/ <http://cr.openjdk.java.net/~coffeys/webrev.8250968.v4/webrev/>
> On 27/08/2020 15:58, Weijun Wang wrote:
>>> Looks like it was a conscious design decision to only allow recording of POSIX permission bits for this field (& 0xFFF). I don't see anything about symlink support in zipfs docs.
>> As long as that *byte* is there and it’s not difficult to locate, we can manually add the *bit* for symlink and see if jarsigner can keep it.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the security-dev