Hi,
Please review the fix.
Bug description:
http://bugs.sun.com/view_bug.do?bug_id=7190897
https://jbs.oracle.com/bugs/browse/JDK-7190897
The suggested fix:
http://cr.openjdk.java.net/~uta/openjdk-webrevs/JDK-7190897/webrev.00/
Summary:
The isolated method for the file security descriptor testing against the
process owner is not a realistic approach for run-time permission checking
by two reasons:
1. the user can hold additional privileges due to access to active logon
session
2. the test thread can be impersonated by token that is different from
process token
The problem is covered by test NB project attached to the bug. Please,
read the bug comments for details.
New approach based on WIN32 function AccessCheck that makes run-time
permission checking against the thread token. The function security
setting was adjusted for the file system objects.
The bug JDK-8008810 [(fs) Handle leak in the
[WindowsSecurity.enablePrivilege] method.]
https://jbs.oracle.com/bugs/browse/JDK-8008810
was resoled as part of suggested modification.
Regards,
-uta
