RFR - CSR: 8213082: (zipfs) Add support for POSIX file permissions (was: Re: RFR 8213031: (zipfs) Add support for POSIX file permissions)
Alan.Bateman at oracle.com
Fri Dec 21 11:16:44 UTC 2018
On 21/12/2018 10:41, Langer, Christoph wrote:
> Hi folks,
> getting back to the topic of adding POSIX file permission support to jdk.zipfs... I think as we are now in the early stages of JDK13, it's a good point in time to get some (hopefully final) activity on that one.
> In the last review discussions you were asking me to provide some write-up of the proposal.
> Therefore I updated the CSR. It should now be a valid document for discussing the whole proposal, comprising the problem to solve, the proposed solution and its specification as well as addressing some concerns.
> And to get it clear: This item is only about jdk.zipfs. It is really independent of potential enhancements for java.util.zip or the jartool. So, I gently ask you to review the CSR.
> As for the implementation: I've worked on it together with Volker and will post an update soon.
Adding support for POSIX file permissions to the zip APIs is problematic
as we've been discussing here. There are security concerns and also
concerns that how it interacts with JAR files and signed JAR in
particular. I don't disagree that we can come to agreement on zipfs
supporting a solution but I think we need to get the bigger picture on
where this is going first. If the piece to change the java.util.zip APIs
is dropped then it would make these discussions a lot simpler as it
removes most of the security issues from the table.
More information about the core-libs-dev