[
https://issues.apache.org/jira/browse/DERBY-6258?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Knut Anders Hatlen updated DERBY-6258:
--------------------------------------
Attachment: derby-6258-01-a.diff
The attached patch makes sure DirFile4.getOutputStream(boolean) restricts the
file permissions if it creates a new file (and Derby is set up to restrict file
permissions).
It also makes RestrictiveFilePermissionsTest.testBackupRestoreFiles() check the
permissions of the files in the original database after backup to verify the
fix.
When running the test without the fix, I found that it would only report the
problem on Windows. On *nix platforms it ran cleanly also without the fix. The
reason is that the checkAccessToOwner() method uses different logic on
different platforms: PosixFileAttributesView when available, and
AclFileAttributesView otherwise. The case for PosixFileAttributesView lacked a
call to fail() when unexpected permissions were found. The patch adds the
missing call so that the permissions are verified on more platforms.
Running regression tests on the patch.
> Restrict permissions on BACKUP.HISTORY
> --------------------------------------
>
> Key: DERBY-6258
> URL: https://issues.apache.org/jira/browse/DERBY-6258
> Project: Derby
> Issue Type: Improvement
> Affects Versions: 10.9.1.0, 10.10.1.1
> Reporter: Knut Anders Hatlen
> Assignee: Knut Anders Hatlen
> Attachments: derby-6258-01-a.diff
>
>
> DirFile4.getOutputStream(boolean) does not restrict the file permissions on
> the file if it ends up creating a new file.
> This method is only used for writing to BACKUP.HISTORY during backup. The
> BACKUP.HISTORY file in the backup does have restricted file permissions, it
> is only the file in the original database that is created with less
> restrictive permissions.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
