Hi Alan,

thanks for looking at this issue. I've dived into the ZipFS implementation during the last weeks and together with Christoph we've extended and improved both the implementation and the test coverage. As Christoph already emphasized, this change is only for improving jdk.nio.zipfs without any side effects on java.util.zip and java.util.jar.

Please find my comments for the CSR below (for some reason I couldn't add them to the CSR directly). I'd really appreciate it if you could reconsider reviewing Christoph's change ("RFR 8213031: (zipfs) Add support for POSIX file permissions") and CSR.

Thank you,
Volker

=============================================

I've thoroughly looked at this proposal and honestly speaking, I don't think that we even need a CSR for the proposed enhancement. Only the implementation of some classes in the `jdk.nio.zipfs` package is changed but no publicly exported APIs.

As Christoph emphasized, the proposed changes **only** affect the Zip File System as implemented in the `jdk.nio.zipfs` package. It touches neither the implementation nor the behavior of any of the classes in the `java.util.zip` or `java.util.jar` packages.

Previous reviewers of this CSR and of the corresponding change JDK-8213031 raised some concerns regarding the security implication of this change - especially in the context of signed jars. I've looked at these concerns but I couldn't find any evidence for problems because:

- no exposed JAR functionality is affected by these changes (because that is handled by the implementation in `java.util.zip` and `java.util.jar`)
- Jar signing doesn't take file attributes into account (not even the basic attributes like the modification time). It only hashes the file contents. You can already now use external zip tools to update the attributes of files in a signed archive without affecting the validity of the signature.

For all these reasons I've reviewed this CSR and I kindly ask you to approve it.

On Fri, Dec 21, 2018 at 2:43 PM Langer, Christoph <christoph.lan...@sap.com> wrote:
>
> Hi Alan,
>
> > Adding support for POSIX file permissions to the zip APIs is problematic
> > as we've been discussing here. There are security concerns and also
> > concerns that how it interacts with JAR files and signed JAR in
> > particular. I don't disagree that we can come to agreement on zipfs
> > supporting a solution but I think we need to get the bigger picture on
> > where this is going first. If the piece to change the java.util.zip APIs
> > is dropped then it would make these discussions a lot simpler as it
> > removes most of the security issues from the table.
>
> Yes, please consider changes to java.util.zip APIs as dropped. At least for
> the moment. I'm not saying I won't ever get back to that topic but maybe an
> enhancement of jdk.zipfs is already sufficient to provide the required Posix
> permission support for the Java platform.
>
> Best regards
> Christoph
>
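The point made above about JAR signing, that the per-entry digests recorded in the manifest cover only the entry bytes and not the entry's attributes, can be checked directly against the zip format. The following is an added example, not code from the thread or from the JDK: it builds two in-memory archives from the same constructed entries, differing only in the POSIX mode stored in the central-directory external attributes and in the timestamp, and computes the SHA-256/base64 digest jarsigner would record for each entry. The sample entry names and contents are constructed for illustration.

```python
import base64
import hashlib
import io
import zipfile

# Constructed sample entries (not from the original thread or the JDK).
SAMPLE_ENTRIES = {
    "META-INF/MANIFEST.MF": b"Manifest-Version: 1.0\r\n\r\n",
    "com/example/Hello.class": b"\xca\xfe\xba\xbe\x00\x00\x00\x34" + b"\x00" * 8,
}


def manifest_digest(data: bytes) -> str:
    """Digest as a signed JAR's manifest records it: SHA-256 of the entry bytes, base64."""
    return base64.b64encode(hashlib.sha256(data).digest()).decode("ascii")


def build_zip(entries, unix_mode, date_time):
    """Build an in-memory zip, stamping every entry with the given POSIX mode and time."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in entries.items():
            info = zipfile.ZipInfo(name, date_time=date_time)
            info.create_system = 3  # 3 = Unix, so external_attr carries st_mode bits
            info.external_attr = (unix_mode & 0o7777) << 16  # mode lives in the high 16 bits
            info.compress_type = zipfile.ZIP_DEFLATED
            zf.writestr(info, data)
    return buf.getvalue()


def entry_digests(zip_bytes):
    """Map entry name -> (digest over content, POSIX mode read back from external_attr)."""
    out = {}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            mode = (info.external_attr >> 16) & 0o7777
            out[info.filename] = (manifest_digest(zf.read(info)), mode)
    return out


def attributes_affect_digests(entries=SAMPLE_ENTRIES):
    """Compare two archives that differ only in attributes.

    Returns (digests_changed, modes_changed): the content digests must agree
    while the stored modes differ, which is what makes attribute edits
    invisible to signature verification.
    """
    a = entry_digests(build_zip(entries, 0o644, (2018, 12, 21, 14, 43, 0)))
    b = entry_digests(build_zip(entries, 0o755, (2019, 1, 1, 0, 0, 0)))
    digests_changed = any(a[n][0] != b[n][0] for n in entries)
    modes_changed = any(a[n][1] != b[n][1] for n in entries)
    return digests_changed, modes_changed


if __name__ == "__main__":
    print(attributes_affect_digests())  # (False, True)
```

The first element of the result stays `False` because the manifest digest is a function of the decompressed entry bytes only; the central-directory fields (external attributes, modification time) are not part of the hashed input, which is why a verifier such as `jarsigner -verify` is indifferent to them, and also why a file system that only reads or writes those fields, as the zipfs change does, cannot alter a signature's validity.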