This is an automated email from the ASF dual-hosted git repository.
hexiaoqiao pushed a commit to branch branch-3.4.0
in repository https://gitbox.apache.org/repos/asf/hadoop.git
The following commit(s) were added to refs/heads/branch-3.4.0 by this push:
new 8c2836402fbb HADOOP-19031. Enhance access control for RunJar. (#6427).
Contributed by He Xiaoqiao.
8c2836402fbb is described below
commit 8c2836402fbb2f619f1fef4ef625a8542e853a64
Author: Hexiaoqiao <hexiaoq...@apache.org>
AuthorDate: Wed Jan 17 15:00:06 2024 +0800
HADOOP-19031. Enhance access control for RunJar. (#6427). Contributed by He
Xiaoqiao.
Signed-off-by: Shuyan Zhang <zhangshu...@apache.org>
Signed-off-by: Shilun Fan <slfan1...@apache.org>
Signed-off-by: Ayush Saxena <ayushsax...@apache.org>
(cherry picked from commit 9634bd31e6594312b68d9e07b736d18d29f7648c)
---
.../src/main/java/org/apache/hadoop/util/RunJar.java | 16 +++++++++-------
1 file changed, 9 insertions(+), 7 deletions(-)
diff --git
a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/util/RunJar.java
b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/util/RunJar.java
index c28e69f54611..e527f602cdd3 100644
---
a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/util/RunJar.java
+++
b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/util/RunJar.java
@@ -28,10 +28,14 @@ import java.net.MalformedURLException;
import java.net.URL;
import java.net.URLClassLoader;
import java.nio.file.Files;
+import java.nio.file.attribute.FileAttribute;
+import java.nio.file.attribute.PosixFilePermission;
+import java.nio.file.attribute.PosixFilePermissions;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Enumeration;
import java.util.List;
+import java.util.Set;
import java.util.jar.JarEntry;
import java.util.jar.JarFile;
import java.util.jar.JarInputStream;
@@ -287,20 +291,18 @@ public class RunJar {
final File workDir;
try {
- workDir = File.createTempFile("hadoop-unjar", "", tmpDir);
- } catch (IOException ioe) {
+ FileAttribute<Set<PosixFilePermission>> perms = PosixFilePermissions
+ .asFileAttribute(PosixFilePermissions.fromString("rwx------"));
+ workDir = Files.createTempDirectory(tmpDir.toPath(), "hadoop-unjar",
perms).toFile();
+ } catch (IOException | SecurityException e) {
// If user has insufficient perms to write to tmpDir, default
// "Permission denied" message doesn't specify a filename.
System.err.println("Error creating temp dir in java.io.tmpdir "
- + tmpDir + " due to " + ioe.getMessage());
+ + tmpDir + " due to " + e.getMessage());
System.exit(-1);
return;
}
- if (!workDir.delete()) {
- System.err.println("Delete failed for " + workDir);
- System.exit(-1);
- }
ensureDirectory(workDir);
ShutdownHookManager.get().addShutdownHook(
---------------------------------------------------------------------
To unsubscribe, e-mail: common-commits-unsubscr...@hadoop.apache.org
For additional commands, e-mail: common-commits-h...@hadoop.apache.org
