[
https://issues.apache.org/jira/browse/HADOOP-6898?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13019264#comment-13019264
]
Hudson commented on HADOOP-6898:
--------------------------------
Integrated in Hadoop-Common-22-branch #39 (See
[https://hudson.apache.org/hudson/job/Hadoop-Common-22-branch/39/])
Merge -r 1091587:1091588 from trunk to branch-0.22. Fixes: HADOOP-6898
> FileSystem.copyToLocal creates files with 777 permissions
> ---------------------------------------------------------
>
> Key: HADOOP-6898
> URL: https://issues.apache.org/jira/browse/HADOOP-6898
> Project: Hadoop Common
> Issue Type: Bug
> Components: fs, security
> Reporter: Todd Lipcon
> Assignee: Aaron T. Myers
> Priority: Blocker
> Fix For: 0.22.0
>
> Attachments: hadoop-6898.0.txt
>
>
> FileSystem.copyToLocal ends up calling through to FileUtil.copy, which calls
> create() on the target file system without passing any permission object.
> Therefore, the file ends up getting created locally with 777 permissions,
> which is dangerous -- even if the caller then fixes up permissions
> afterwards, it exposes a window in which an attacker can open the file.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
