> On Feb 9, 2015, at 13:27, deven you <[email protected]> wrote:
>
> Hi Weijun,
>
> From my understanding, the new proposal will let the implies method depend only
> on the absolute path in the policy file, correct? So it's the user's responsibility
> to ensure the files they want to access are relative to the absolute path in some
> policy file?
No, you can still add a FilePermission on a relative path, and then it only
allows you to access the file with a relative path.

For example, if the current working directory is /home/me, and the policy file
has

    FilePermission doc/-, read;

You can only call new FileInputStream("doc/a.txt"), you cannot call new
FileInputStream("/home/me/doc/a.txt"), because without consulting the file
system (i.e. canonicalizing the path), there is no way to find out that
/home/me/doc/a.txt is inside doc.

On the other hand, if the policy file has

    FilePermission /etc/passwd, read;

You cannot call new FileInputStream("../../etc/passwd"), although we think
nobody will try that.
>
> I personally agree with this proposal. Is there any doc or link for this new
> proposal? Or if you can update the information for this proposal here, I would
> be very grateful!
Not yet. This is just an experiment, and given the incompatibility, we are
still evaluating if it is doable. As I said in my previous mail, we don't want
anyone to rewrite his/her apps, and we hope it's easy to modify policy files.
Actually, since this makes FilePermission simpler, there won't be a long doc.
Thanks
Max
>
> Thanks a lot!
>
> 2015-02-09 11:51 GMT+08:00 Wang Weijun <[email protected]>:
>
> > On Feb 9, 2015, at 11:22, deven you <[email protected]> wrote:
> >
> > Hi Weijun,
> >
> > I see JDK-4141872 is marked as Not an Issue. Is there any further task to
> > continue, or is there any other link to track this problem of removing the
> > canonical path?
>
> It was marked as Not an Issue, but we are reconsidering it.
>
> >
> > It's a big improvement if the canonical path can be totally removed, but I
> > can't figure out how we get the result of the implies* methods without the
> > canonical path. Any more detail?
>
> The current proposed idea is that if you want to access a file using absolute
> path, you should add a FilePermission line in the policy file with an
> absolute path. If relative, relative. The overall idea is that the implies
> method should be implemented without consulting the actual file system but
> only by looking at the names themselves.
>
> That's why I said there is a very big incompatible change. We hope people
> only need to modify their policy files and do not need to rewrite their
> apps, but we are still investigating if this can always be true.
>
> Thanks
> Max
>
> >
> > Thanks a lot!
>
>
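
The doc/- and /etc/passwd cases from the reply above, as an added example that is not part of the original mail and is not JDK code: a small model of an implies check that looks only at the names. The class NameOnlyImplies and its implies method are hypothetical, Unix-style paths are assumed, and the doc/../secret.txt request is an extra constructed case showing why the names are normalized lexically before comparison.

```java
import java.nio.file.Path;
import java.nio.file.Paths;

// Hypothetical model of name-only matching; this is not the JDK's FilePermission.
// Assumes Unix-style paths and handles only exact names and the recursive "dir/-" form.
public class NameOnlyImplies {

    // Decide whether a grant on `granted` covers `requested` by comparing the
    // names alone. Path.normalize() is purely lexical: it collapses "." and
    // "name/.." but never touches the file system or the working directory.
    static boolean implies(String granted, String requested) {
        boolean recursive = granted.endsWith("/-");
        String base = recursive ? granted.substring(0, granted.length() - 1) : granted;
        Path g = Paths.get(base).normalize();
        Path r = Paths.get(requested).normalize();

        // An absolute grant never matches a relative request, and vice versa.
        if (g.isAbsolute() != r.isAbsolute()) {
            return false;
        }
        // "dir/-" covers everything below dir (not dir itself); otherwise exact match.
        return recursive ? (r.startsWith(g) && !r.equals(g)) : r.equals(g);
    }

    public static void main(String[] args) {
        // Constructed sample requests; the grants are the two policy entries from the mail.
        String[][] cases = {
            {"doc/-", "doc/a.txt"},
            {"doc/-", "/home/me/doc/a.txt"},
            {"doc/-", "doc/../secret.txt"},
            {"/etc/passwd", "/etc/passwd"},
            {"/etc/passwd", "../../etc/passwd"},
        };
        for (String[] c : cases) {
            System.out.printf("%-12s implies %-20s -> %b%n", c[0], c[1], implies(c[0], c[1]));
        }
    }
}
```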