Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Review permissions needed #133

Closed
Phu2 opened this issue Sep 14, 2023 · 5 comments · Fixed by #134 or #139
Closed

Review permissions needed #133

Phu2 opened this issue Sep 14, 2023 · 5 comments · Fixed by #134 or #139
Assignees
@fsteeg @Phu2 @katauber

Comments

@Phu2
Copy link
Contributor

Phu2 commented Sep 14, 2023

Regarding the permissions preset in .java.policy_move_to_home_dir:

        permission java.io.FilePermission "${user.dir}/-", "write, read, delete";

Do we really need these permissions on the whole installation directory recursively?

        permission java.io.FilePermission "${user.home}/-", "read";

Looks like only the subdirectory ${user.home}/.m2/-needs to be readable.
There might be other files and subdirectories in ${user.home} which do not need and should not be readable.
@Phu2 Phu2 linked a pull request Sep 14, 2023 that will close this issue
Restrict permissions further #134
Merged
@dr0i
Copy link
Member

dr0i commented Sep 15, 2023

Re permission java.io.FilePermission "${user.dir}/-", "write, read, delete"; : good question . I don't like that one, generally speaking.

katauber added a commit that referenced this issue Sep 27, 2023
@katauber
Restrict File Permissions in user.dir. See #133
330eff0
@katauber katauber mentioned this issue Sep 27, 2023
Merged
@katauber
Copy link
Member

katauber commented Sep 27, 2023
edited
Loading

I tested a bit around and I think we can restrict the File Permissions further like in 330eff0
Do you like this more @dr0i and @Phu2 ? :)

@Phu2
Copy link
Contributor Author

Phu2 commented Sep 28, 2023

Looks good to me.
This is related to #122 right?

@katauber
Copy link
Member

Looks good to me. This is related to #122 right?

Not really. This issue is about File permissions of the Security Manager (read, write, delete access) and #122 is about the size of the files generated by the Playground while processing. I don't think the Security Manager can set size limits; that must be implemented in the code I think.

@dr0i
Copy link
Member

dr0i commented Sep 28, 2023

+1 for 330eff0

@dr0i dr0i removed their assignment Sep 29, 2023
@katauber katauber reopened this Sep 29, 2023
@katauber katauber moved this to Working in Metafacture Sep 29, 2023
@katauber katauber moved this from Working to Review in Metafacture Sep 29, 2023
@dr0i dr0i closed this as completed in #139 Sep 29, 2023
@github-project-automation github-project-automation bot moved this from Review to Done in Metafacture Sep 29, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@fsteeg fsteeg

@Phu2 Phu2

@katauber katauber

Labels
None yet
Projects
Metafacture
Archived in project
Milestone
No milestone
4 participants
@fsteeg @Phu2 @dr0i @katauber