[ https://issues.apache.org/jira/browse/HADOOP-6898?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Aaron T. Myers updated HADOOP-6898:
-----------------------------------

    Attachment: hadoop-6898.0.txt

Sorry for the delay, Nigel. Patch attached.

> FileSystem.copyToLocal creates files with 777 permissions
> ---------------------------------------------------------
>
>                 Key: HADOOP-6898
>                 URL: https://issues.apache.org/jira/browse/HADOOP-6898
>             Project: Hadoop Common
>          Issue Type: Bug
>          Components: fs, security
>            Reporter: Todd Lipcon
>            Assignee: Aaron T. Myers
>            Priority: Blocker
>             Fix For: 0.22.0
>
>         Attachments: hadoop-6898.0.txt
>
>
> FileSystem.copyToLocal ends up calling through to FileUtil.copy, which calls
> create() on the target file system without passing any permission object.
> Therefore, the file ends up getting created locally with 777 permissions,
> which is dangerous -- even if the caller then fixes up permissions
> afterwards, it exposes a window in which an attacker can open the file.

-- 
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
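
An added example, not part of the original message or of the attached patch: the create-then-fix pattern the report describes, beside a creation call that receives the mode up front. It uses plain java.nio on a POSIX file system rather than Hadoop's FileSystem API; the class, method and file names are assumptions for illustration.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.StandardOpenOption;
import java.nio.file.attribute.FileAttribute;
import java.nio.file.attribute.PosixFilePermission;
import java.nio.file.attribute.PosixFilePermissions;
import java.util.Set;

// Added illustration (hypothetical class, not Hadoop code); requires a POSIX file system.
public class LocalCopyPermissions {

    // Pattern from the report: create first, restrict afterwards.
    // Between the two calls the file carries whatever mode the creating
    // call chose, so another local user can open it and keep the handle.
    static Set<PosixFilePermission> createThenFix(Path target, byte[] data) throws IOException {
        Files.write(target, data, StandardOpenOption.CREATE_NEW);   // no mode passed
        Set<PosixFilePermission> duringWindow = Files.getPosixFilePermissions(target);
        Files.setPosixFilePermissions(target, PosixFilePermissions.fromString("rw-------"));
        return duringWindow;   // the mode visible before the fix-up
    }

    // Hardened: the mode is an argument of the creating call itself, so the
    // file never exists with wider permissions (the umask can only narrow it).
    static Set<PosixFilePermission> createRestricted(Path target, byte[] data) throws IOException {
        FileAttribute<Set<PosixFilePermission>> ownerOnly =
            PosixFilePermissions.asFileAttribute(PosixFilePermissions.fromString("rw-------"));
        Files.createFile(target, ownerOnly);   // throws if the target already exists
        Set<PosixFilePermission> atCreation = Files.getPosixFilePermissions(target);
        Files.write(target, data, StandardOpenOption.WRITE);
        return atCreation;
    }

    public static void main(String[] args) throws IOException {
        Path dir = Files.createTempDirectory("copy-demo");        // constructed sample location
        byte[] data = "constructed sample payload\n".getBytes();  // constructed sample content
        System.out.println("create-then-fix, mode during window: "
            + PosixFilePermissions.toString(createThenFix(dir.resolve("a.txt"), data)));
        System.out.println("mode passed at creation:             "
            + PosixFilePermissions.toString(createRestricted(dir.resolve("b.txt"), data)));
    }
}
```

The first line printed depends on the process umask, which is the point: without a permission argument the caller does not control what the file looks like during the window.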