On 02/09/2015 04:51 AM, Wang Weijun wrote:
On Feb 9, 2015, at 11:22, deven you <ydwch...@gmail.com> wrote:
Hi Weijun,
I see JDK-4141872 marked as Not an Issue. Is there any further task to continue,
or is there any other link to track this problem to remove the canonical path?
It was marked as Not an Issue, but we are reconsidering it.
It's a big improvement if canonical path can be totally removed but I can't
figure out how we get the result of the implies* methods without canonical
path? Any more detail?
The current proposed idea is that if you want to access a file using absolute
path, you should add a FilePermission line in the policy file with an absolute
path. If relative, relative. The overall idea is that the implies method should
be implemented without consulting the actual file system but only by looking at
the names themselves.
That's why I said there is a very big incompatible change. We hope people only
need to modify their policy files and do not need to rewrite their apps, but
we are still investigating if this can always be true.
Hi Max,
Of course you are aware that by trusting the symlinks, you potentially
give much more permission than you would hope to. Suppose that some code
has permission to read and write into a particular directory (for
temporary files). With this permission the code can actually read and/or
write any file in the filesystem that the OS grants access to the Java
process. Merely by creating a symlink in the read/write-able directory
and accessing the file through it. That's why Apache HTTP Server by
default disables the "FollowSymLinks" option.
Regards, Peter
Thanks
Max
Thanks a lot!
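
The difference this thread turns on, deciding by path names alone versus resolving symbolic links first, shown as an added Java example that is not part of the original messages or of the JDK. The class, method and file names are hypothetical, and all files are constructed in a temporary directory.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;

// Added example: a name-only containment check next to one that resolves
// symbolic links before comparing. All names and files are constructed.
public class SymlinkScopeDemo {

    // Name-only: compares normalized path names, never consults the file system.
    static boolean impliesByName(Path grantedDir, Path requested) {
        Path dir = grantedDir.toAbsolutePath().normalize();
        Path req = requested.toAbsolutePath().normalize();
        return req.startsWith(dir);
    }

    // Resolving: follows symlinks on both sides, then compares the real paths.
    // Note: checking and then opening is still a race unless the open itself
    // refuses to follow links (e.g. LinkOption.NOFOLLOW_LINKS).
    static boolean impliesByRealPath(Path grantedDir, Path requested) throws IOException {
        Path dir = grantedDir.toRealPath();
        Path req = requested.toRealPath(); // throws if the target does not exist
        return req.startsWith(dir);
    }

    public static void main(String[] args) throws IOException {
        Path root = Files.createTempDirectory("fp-demo");
        Path scratch = Files.createDirectory(root.resolve("scratch")); // the granted directory
        Path outside = Files.createDirectory(root.resolve("outside")); // not granted
        Path other = Files.writeString(outside.resolve("data.txt"), "constructed sample");
        Path regular = Files.writeString(scratch.resolve("tmp.txt"), "constructed sample");
        Path link = scratch.resolve("link.txt");
        try {
            Files.createSymbolicLink(link, other); // scratch/link.txt -> outside/data.txt
        } catch (UnsupportedOperationException | IOException e) {
            System.out.println("symbolic links not available here: " + e);
            return;
        }
        for (Path p : new Path[] { regular, link, other }) {
            System.out.printf("%-18s byName=%-5b byRealPath=%b%n",
                    root.relativize(p), impliesByName(scratch, p), impliesByRealPath(scratch, p));
        }
    }
}
```

Requires Java 11 or later for Files.writeString. The two checks agree on the regular file and on the file outside the directory, and differ only on the link.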