RFR 8213031: (zipfs) Add support for POSIX file permissions
Alan.Bateman at oracle.com
Mon Nov 5 15:59:29 UTC 2018
On 05/11/2018 13:05, Langer, Christoph wrote:
> Hi Alan, all,
> I’d welcome a discussion, for sure. Unfortunately there hasn’t been so
> much participation in this yet. I think this is an item where it’s
> hard to have a clear opinion and where it’s difficult to oversee all
> implications it might have.
> Who’d be willing to have a look from security perspective?
I think you'll need to do a write-up of the overall proposal so that
folks can jump in and point out the implications. It's not easy to do
this in a code review of a small piece of the solution. I suspect that
security-dev will be interested in the details for signed JARs as I
don't think the current proposal prevents tampering of the file permissions.
More information about the core-libs-dev