Jim Pick:
> From the looks of this, it does look somewhat undefined. I think we're
> doing what Sun does, but that makes me somewhat nervous. I can see how
> it could be considered "correct" if somebody uses a temp file location
> other than /tmp. However, since we default to /tmp (as does Sun), using
> the default behaviour looks like a way to create security holes to me.
> If somebody is writing portable code, using File.createTempFile() with
> the default directory setting looks like bad news to me (unless I'm
> missing something).
>
> So, I personally vote for changing the mode to "0644" or "0600".
>
> Does anybody else know anything about this issue?

I'm at a loss for why someone would use this API with the intention of creating a file that other users would access, but from your reply, it seems to be designed and even used with that in mind. My feeling is that the whole notion of a default temp dir is stupid and that the two-argument form of this call is insecure by design. So I think we're more or less in agreement.

This may be a reasonable solution:

* The three-argument form is unchanged. Callers are responsible for whatever security the file will have.
* If java.io.tmpdir is explicitly user-configured, behavior is unchanged. The user who configured it is responsible for the security of files in the temp dir.
* If java.io.tmpdir is _not_ configured, assume the user wants a secure temp file, and do it in the best platform-specific way.
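
The three-rule proposal above, sketched as an added example; it is not Kaffe's code and not part of the original thread. The helper `create` and its `tmpdirConfigured` flag are hypothetical (only the VM or launcher knows whether java.io.tmpdir was set explicitly), and `java.nio.file` with owner-only permissions stands in for "the best platform-specific way".

```java
import java.io.File;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.nio.file.attribute.FileAttribute;
import java.nio.file.attribute.PosixFilePermission;
import java.nio.file.attribute.PosixFilePermissions;
import java.util.Set;

public class TempFilePolicy {
    // Owner read/write only, i.e. mode 0600.
    private static final FileAttribute<Set<PosixFilePermission>> OWNER_ONLY =
        PosixFilePermissions.asFileAttribute(PosixFilePermissions.fromString("rw-------"));

    // Hypothetical helper. dir == null models the two-argument form.
    static Path create(String prefix, String suffix, File dir, boolean tmpdirConfigured)
            throws IOException {
        if (dir != null) {
            // Rule 1: three-argument form unchanged; the caller owns the file's security.
            return File.createTempFile(prefix, suffix, dir).toPath();
        }
        if (tmpdirConfigured) {
            // Rule 2: explicitly configured temp dir; behaviour unchanged.
            return File.createTempFile(prefix, suffix).toPath();
        }
        // Rule 3: default temp dir (e.g. /tmp, shared by all users); create owner-only.
        Path tmp = Paths.get(System.getProperty("java.io.tmpdir"));
        boolean posix = Files.getFileStore(tmp).supportsFileAttributeView("posix");
        // The permissions are applied at creation, so there is no window in which
        // the file exists with a wider mode. Creation fails rather than reusing an
        // existing name, so a pre-planted file or symlink is not opened.
        return posix ? Files.createTempFile(tmp, prefix, suffix, OWNER_ONLY)
                     : Files.createTempFile(tmp, prefix, suffix);
    }

    public static void main(String[] args) throws IOException {
        Path p = create("demo", ".tmp", null, false);
        try {
            if (Files.getFileStore(p).supportsFileAttributeView("posix")) {
                // Show the mode the default-directory path produced.
                System.out.println(p + " "
                    + PosixFilePermissions.toString(Files.getPosixFilePermissions(p)));
            }
        } finally {
            Files.delete(p);
        }
    }
}
```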