[kaffe] File.createTempFile() creates files in /tmp with mode 0666!

Jim Pick jim@kaffe.org
Sun Mar 2 18:41:01 2003


Hmm, yeah, I agree - that's not nice.

Here's what I tried.

===> PermCheck.java
import java.io.*;

class PermCheck {
  public static void main( String args[] ) throws IOException {
    File f = new File("testing");
    f.createNewFile();
    f = File.createTempFile("testing",".tmp");
    System.out.println(f);
  }
}
<===

$ umask 002; rm -f testing /tmp/testing* ; kaffe PermCheck ; ls -l testing /tmp/testing*
/tmp/testing75ED7.tmp
-rw-rw-r--    1 jim      jim             0 Mar  2 17:46 testing
-rw-rw-r--    1 jim      jim             0 Mar  2 17:46 /tmp/testing75ED7.tmp
$ umask 002; rm -f testing /tmp/testing* ; java PermCheck ; ls -l testing /tmp/testing*
/tmp/testing28884.tmp
-rw-rw-r--    1 jim      jim             0 Mar  2 17:46 testing
-rw-rw-r--    1 jim      jim             0 Mar  2 17:46 /tmp/testing28884.tmp

Not good.  But it looks like JDK 1.4.1 does the same thing.

$ java -version
java version "1.4.1_01"
Java(TM) 2 Runtime Environment, Standard Edition (build 1.4.1_01-b01)
Java HotSpot(TM) Client VM (build 1.4.1_01-b01, mixed mode)

Checking classpath:

http://savannah.gnu.org/cgi-bin/viewcvs/classpath/classpath/java/io/File.java?rev=1.23&content-type=text/vnd.viewcvs-markup
http://savannah.gnu.org/cgi-bin/viewcvs/classpath/classpath/native/jni/java-io/java_io_File.c?rev=1.5&content-type=text/vnd.viewcvs-markup

I don't see any special handling there.  They use "0777" as their mode.

Checking libgcj:

http://subversions.gnu.org/cgi-bin/viewcvs/gcc/gcc/libjava/java/io/File.java?rev=1.24.2.1&content-type=text/vnd.viewcvs-markup
http://subversions.gnu.org/cgi-bin/viewcvs/gcc/gcc/libjava/java/io/natFilePosix.cc?rev=1.2.2.1&content-type=text/vnd.viewcvs-markup

Again, don't see any special handling, but they use "0644".  Hmm.

I also found an older version that Tom Tromey posted:

http://gcc.gnu.org/ml/java-patches/2000-q1/msg00108.html 

In this case, there does seem to be special handling for temp files,
where he uses "0600" if it's a temp file, and "0644" otherwise.  It does
look like they eventually decided to not use "0600" for temp files (my
guess is that it broke code).

From the looks of this, it does look somewhat undefined.  I think we're
doing what Sun does, but that makes me somewhat nervous.  I can see how
it could be considered "correct" if somebody uses a temp file location
other than /tmp.  However, since we default to /tmp (as does Sun), using
the default behaviour looks like a way to create security holes to me. 
If somebody is writing portable code, using File.createTempFile() with
the default directory setting looks like bad news to me (unless I'm
missing something).

So, I personally vote for changing the mode to "0644" or "0600".

Does anybody else know anything about this issue?

Cheers,

 - Jim


On Sun, 2003-03-02 at 13:23, Mark J Roberts wrote:
> Creating /tmp files with mode 0666 is insane. Other users should
> never be able to read or write to your temp files! Case in point:
> 
> -rw-rw-r--    1 mjr      mjr             0 Mar  2 15:19 prefixF2571suffix
> 
> After the patch:
> 
> -rw-------    1 mjr      mjr             0 Mar  2 15:20 prefix87783suffix
> 
> Index: libraries/clib/io/File.c
> ===================================================================
> RCS file: /cvs/kaffe/kaffe/libraries/clib/io/File.c,v
> retrieving revision 1.17
> diff -u -r1.17 File.c
> --- libraries/clib/io/File.c	18 Dec 1999 07:40:25 -0000	1.17
> +++ libraries/clib/io/File.c	2 Mar 2003 21:17:16 -0000
> @@ -319,7 +319,7 @@
>  }
>  
>  jboolean
> -java_io_File_createNewFile0(struct Hjava_io_File* this)
> +java_io_File_createNewFile0(struct Hjava_io_File* this, jint mode)
>  {
>  	char str[MAXPATHLEN];
>  	int fd;
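Review bot: the new `jint mode` argument in the java_io_File_createNewFile0 signature has no comment saying what it carries. State that it is the set of POSIX permission bits handed to the open call, since a Java int can hold any value and the callers live in a different file.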
> @@ -327,7 +327,7 @@
>  
>  	stringJava2CBuf(unhand(this)->path, str, sizeof(str));
>  
> -	rc = KOPEN(str, O_EXCL|O_WRONLY|O_CREAT, 0666, &fd);
> +	rc = KOPEN(str, O_EXCL|O_WRONLY|O_CREAT, mode, &fd);
>  	switch (rc) {
>  	case 0:
>  		break;
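Review bot: at the KOPEN call, `mode` travels from Java to the open call with no range check, so a caller could pass bits outside the permission set. Masking it (for example `mode & 0777`) would keep the native side from honouring setuid, setgid or sticky bits. The process umask still applies to whatever is passed, so 0600 can only be narrowed further, never widened.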
> Index: libraries/javalib/java/io/File.java
> ===================================================================
> RCS file: /cvs/kaffe/kaffe/libraries/javalib/java/io/File.java,v
> retrieving revision 1.30
> diff -u -r1.30 File.java
> --- libraries/javalib/java/io/File.java	21 Nov 2002 21:57:24 -0000	1.30
> +++ libraries/javalib/java/io/File.java	2 Mar 2003 21:17:17 -0000
> @@ -117,7 +117,9 @@
>  		File f = new File(dir, prefix
>  		    + Integer.toHexString(
>  			random.nextInt(0x100000)).toUpperCase() + suffix);
> -		if (f.createNewFile())
> +
> +		f.checkWriteAccess();
> +		if (f.createNewFile0(0600))
>  			return f;
>  	}
>  }
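Review bot: in the createTempFile loop the literal 0600 at `f.createNewFile0(0600)` deserves a named constant and a comment that temp files are owner-only regardless of umask, so the reason survives later edits. The added `f.checkWriteAccess()` is needed because this path no longer goes through createNewFile(), which performs that check; a one-line comment saying so would stop someone removing it as redundant.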
> @@ -387,10 +389,10 @@
>  
>  public boolean createNewFile() throws IOException {
>  	checkWriteAccess();
> -	return createNewFile0();
> +	return createNewFile0(0666);
>  }
>  
> -native private boolean createNewFile0() throws IOException;
> +native private boolean createNewFile0(int mode) throws IOException;
>  
>  public boolean setLastModified(long time) {
>  	checkWriteAccess();
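Review bot: the `native private boolean createNewFile0(int mode)` declaration now has to change in step with the C function in File.c, and nothing in the patch says so. Note in the change description that the class library and the native library must be rebuilt together, and document the `mode` parameter on the native declaration. `createNewFile0(0666)` in createNewFile() keeps ordinary files at the old mode, which matches the stated intent of touching only temp files.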
> 
> _______________________________________________
> kaffe mailing list
> kaffe@kaffe.org
> http://kaffe.org/cgi-bin/mailman/listinfo/kaffe
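
The effect discussed in this thread, as an added example that is not part of the original message or of Kaffe's code: it creates a file with the same open flags as the patched KOPEN call and reports the permission bits the file actually received under a given umask. DEMO_PATH and the function names are assumptions made for the illustration.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Constructed demo path (an assumption; not a name from the thread). */
#define DEMO_PATH "/tmp/permcheck-demo.tmp"

/* Same flags as the patched KOPEN call: returns an fd, or -errno. */
static int create_excl(const char *path, mode_t requested)
{
    int fd = open(path, O_EXCL | O_WRONLY | O_CREAT, requested);
    return fd >= 0 ? fd : -errno;
}

/* Create `path` under umask `mask` and return the permission bits the
 * file actually received, or -errno if it could not be created. */
static int created_mode(const char *path, mode_t requested, mode_t mask)
{
    struct stat st;
    mode_t old = umask(mask);
    int fd = create_excl(path, requested);
    int result = fd;

    if (fd >= 0) {
        result = fstat(fd, &st) == 0 ? (int)(st.st_mode & 07777) : -errno;
        close(fd);
    }
    umask(old);
    return result;
}

int main(void)
{
    unlink(DEMO_PATH);
    printf("0666, umask 002 -> %04o\n", (unsigned)created_mode(DEMO_PATH, 0666, 002));
    /* The name now exists, so O_EXCL refuses it instead of reusing it. */
    printf("same name again -> %d (-EEXIST is %d)\n",
           created_mode(DEMO_PATH, 0600, 002), -EEXIST);
    unlink(DEMO_PATH);
    printf("0600, umask 002 -> %04o\n", (unsigned)created_mode(DEMO_PATH, 0600, 002));
    unlink(DEMO_PATH);
    return 0;
}
```

With umask 002 the 0666 request yields the -rw-rw-r-- seen in the listings above, while 0600 yields -rw------- whatever the umask is.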