ADDITIONAL SYSTEM INFORMATION :
Java 17 through 24
A DESCRIPTION OF THE PROBLEM :
The javadoc for createTempFile calls out its security aspect when FileAttributes are not provided; however, the same is not true for createTempDirectory.
Thus, in order to write secure code, a user needs to pass in secure POSIX options when running on POSIX systems, even when the implementation uses some secure defaults.
For example, instead of `Files.createTempDirectory("anything")`, a user needs to write code like the following:
```
import java.nio.file.*;
import java.nio.file.attribute.*;
import java.util.EnumSet;

Path tmpDir;
if (FileSystems.getDefault().supportedFileAttributeViews().contains("posix")) {
    // POSIX: request owner-only (rwx------) permissions explicitly
    tmpDir = Files.createTempDirectory("anything", PosixFilePermissions.asFileAttribute(
            EnumSet.of(PosixFilePermission.OWNER_READ, PosixFilePermission.OWNER_WRITE, PosixFilePermission.OWNER_EXECUTE)));
} else {
    // windows has a tmp directory per user
    tmpDir = Files.createTempDirectory("anything");
}
```
This repeats what OpenJDK does under the hood in https://github.com/openjdk/jdk21u-dev/blob/d02ad34144917a36911296b20ce28381ead3f601/src/java.base/share/classes/java/nio/file/TempFileHelper.java because the contract is not defined for the security aspects when no attributes are given.
TL;DR: Update the javadoc so that the creation of the temporary directory will be secure when running on POSIX-based file systems.
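Until the contract is documented, a caller can both request owner-only permissions and verify what was actually applied. The class below is an added example, not code from the report or from OpenJDK; `PrivateTempDir`, `createPrivateTempDir` and `requireOwnerOnly` are hypothetical names. Its `main` also checks the no-attributes default on the running JDK.

```java
import java.io.IOException;
import java.nio.file.*;
import java.nio.file.attribute.*;
import java.util.Set;

public class PrivateTempDir {
    // Owner-only permissions, the same set the report passes explicitly.
    private static final Set<PosixFilePermission> OWNER_ONLY =
            PosixFilePermissions.fromString("rwx------");

    static boolean isPosix() {
        return FileSystems.getDefault().supportedFileAttributeViews().contains("posix");
    }

    // Hypothetical helper: request owner-only permissions, then verify them.
    static Path createPrivateTempDir(String prefix) throws IOException {
        if (!isPosix()) {
            return Files.createTempDirectory(prefix); // no POSIX view to set or check
        }
        Path dir = Files.createTempDirectory(prefix,
                PosixFilePermissions.asFileAttribute(OWNER_ONLY));
        requireOwnerOnly(dir);
        return dir;
    }

    // Fail closed if any group/other bit is present on the directory itself.
    static void requireOwnerOnly(Path dir) throws IOException {
        Set<PosixFilePermission> actual =
                Files.getPosixFilePermissions(dir, LinkOption.NOFOLLOW_LINKS);
        if (!OWNER_ONLY.containsAll(actual)) {
            Files.delete(dir);
            throw new IOException("temp dir " + dir + " has permissions "
                    + PosixFilePermissions.toString(actual));
        }
    }

    public static void main(String[] args) throws IOException {
        Path explicit = createPrivateTempDir("anything");
        System.out.println("explicit attributes: " + explicit);
        if (isPosix()) {
            // Pin the undocumented default the report describes: no attributes given.
            Path implicit = Files.createTempDirectory("anything");
            requireOwnerOnly(implicit);
            System.out.println("default attributes are owner-only: " + implicit);
            Files.delete(implicit);
        }
        Files.delete(explicit);
    }
}
```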
- csr for: JDK-8350812 (fs) Files.createTempDirectory should say something about the default file permissions when no file attributes specified (Closed)
- links to: Commit(master) openjdk/jdk/99fb350b
- links to: Review(master) openjdk/jdk/23808