RFR 8213031: (zipfs) Add support for POSIX file permissions (was: Enhance jdk.nio.zipfs to support Posix File Permissions)

Langer, Christoph christoph.langer at sap.com
Mon Oct 29 14:55:20 UTC 2018

Hi Alan, security guys,

I've proposed a CSR for this change now: https://bugs.openjdk.java.net/browse/JDK-8213082.

I also updated the webrev, simplifying jdk.nio.zipfs.ZipUtils.permsFromFlags and eliminating the WeakHashMap: http://cr.openjdk.java.net/~clanger/webrevs/8213031.2/

Since I've decoupled the changes to java.util.zip and jartool from those in jdk.zipfs, we're discussing only jdk.zipfs here.

The implication of my change is that when working with files backed by the nio FileSystemProvider (java.nio.file.spi.FileSystemProvider) named "jar", which is the alias for zipfs, the files will support attributes of type java.nio.file.attribute.PosixFilePermissions ("posix:permissions").

It basically means that some methods of java.nio.file.Files that would return null or UnsupportedOperationException before would find an implementation now.


  *   With class https://download.java.net/java/early_access/jdk11/docs/api/java.base/java/nio/file/attribute/PosixFileAttributes.html

  *   With class https://download.java.net/java/early_access/jdk11/docs/api/java.base/java/nio/file/attribute/PosixFileAttributeView.html

Thanks in advance for reviewing.

Best regards

From: Alan Bateman <Alan.Bateman at oracle.com>
Sent: Montag, 29. Oktober 2018 13:06
To: Langer, Christoph <christoph.langer at sap.com>; core-libs-dev <core-libs-dev at openjdk.java.net>; security-dev at openjdk.java.net; Xueming Shen <xueming.shen at oracle.com>
Cc: Volker Simonis <volker.simonis at gmail.com>; Andrew Luo <andrewluotechnologies at outlook.com>; nio-dev <nio-dev at openjdk.java.net>
Subject: Re: RFR 8213031: (zipfs) Add support for POSIX file permissions (was: Enhance jdk.nio.zipfs to support Posix File Permissions)

On 29/10/2018 09:26, Langer, Christoph wrote:


As per request from Alan, I'm adding security-dev to get a review from security perspective.

For security-dev then I think it would be better to write-up a summary of the overall proposal and the implications for applications/libraries that use the APIs and the jar tool. The security discussion points all relate to capture and propagation of file permissions.


More information about the core-libs-dev mailing list