https://bz.apache.org/bugzilla/show_bug.cgi?id=64654
Stefan Bodewig <bode...@apache.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
OS| |All
--- Comment #1 from Stefan Bodewig <bode...@apache.org> ---
Actually, java.io.tmpdir is our best bet for finding a writable directory.
Some time in the past we created temporary files inside of the current working
directory rather than the system tempdir and had to change that as in some
contexts the CWD was unwritable. Think CI system using read-only containers
that only mount the build tree.
Most Ant tasks create temporary files inside of the build tree, but not all of
them. When we fixed CVE-2020-1945 we discussed making all tasks ensure they
write to the build directory but not all places that create temporary files
actually know the concept of a "build directory". So any such solution would
have been partial.
Current master will set up a user-specific 700 permission temp directory inside
of java.io.tmpdir if this is possible. But this really still is a kludge and
won't work on Windows.
Therefore the best approach is and remains the user sets up a directory with
proper permissions before starting Ant.
--
You are receiving this mail because:
You are the assignee for the bug.
