8140244: Port fix of JDK-8075773 to AIX and possibly MacOSX

Wed, 04 Nov 2015 16:23:08 -0800

author
clanger
date
Wed, 04 Nov 2015 16:23:08 -0800
changeset 8210
2d23269a45a0
parent 8209
8641949eb21f
child 8211
b40d68340feb

8140244: Port fix of JDK-8075773 to AIX and possibly MacOSX
Reviewed-by: stuefe, dcubed

src/os/aix/vm/perfMemory_aix.cpp file | annotate | diff | comparison | revisions
src/os/bsd/vm/perfMemory_bsd.cpp file | annotate | diff | comparison | revisions
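--- a/src/os/aix/vm/perfMemory_aix.cpp	Thu Jan 07 02:36:48 2016 -0800
+++ b/src/os/aix/vm/perfMemory_aix.cpp	Wed Nov 04 16:23:08 2015 -0800
@@ -201,6 +201,7 @@
 // the backing store files. Returns true if the directory is considered
 // a secure location. Returns false if the statbuf is a symbolic link or
 // if an error occurred.
+//
 static bool is_statbuf_secure(struct stat *statp) {
   if (S_ISLNK(statp->st_mode) || !S_ISDIR(statp->st_mode)) {
     // The path represents a link or some non-directory file type,
@@ -209,15 +210,18 @@
     return false;
   }
   // We have an existing directory, check if the permissions are safe.
+  //
   if ((statp->st_mode & (S_IWGRP|S_IWOTH)) != 0) {
     // The directory is open for writing and could be subjected
     // to a symlink or a hard link attack. Declare it insecure.
+    //
     return false;
   }
-  // See if the uid of the directory matches the effective uid of the process.
-  //
-  if (statp->st_uid != geteuid()) {
+  // If user is not root then see if the uid of the directory matches the effective uid of the process.
+  uid_t euid = geteuid();
+  if ((euid != 0) && (statp->st_uid != euid)) {
     // The directory was not created by this user, declare it insecure.
+    //
     return false;
   }
   return true;
@@ -228,6 +232,7 @@
 // the backing store files. Returns true if the directory exists
 // and is considered a secure location. Returns false if the path
 // is a symbolic link or if an error occurred.
+//
 static bool is_directory_secure(const char* path) {
   struct stat statbuf;
   int result = 0;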
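Review bot: In the second hunk of is_statbuf_secure, the new `(euid != 0) &&` guard drops the owner check for every caller that runs as root, so a directory created by another user now counts as secure as long as it is not group- or world-writable. That looks intended for a root tool attaching to another user's VM, but the callers are outside this diff; if the same helper also vets the directory in which a root-owned VM creates its own backing store file, the directory's owner can still rename or replace entries in it. The comment should state what the exemption relies on, for example `// Root may use a directory owned by another user; entries in it must still be opened without following links and re-checked with fstat().`, or the exemption should be limited to the attach path. The identical change in src/os/bsd/vm/perfMemory_bsd.cpp raises the same question.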
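--- a/src/os/bsd/vm/perfMemory_bsd.cpp	Thu Jan 07 02:36:48 2016 -0800
+++ b/src/os/bsd/vm/perfMemory_bsd.cpp	Wed Nov 04 16:23:08 2015 -0800
@@ -217,9 +217,9 @@
     //
     return false;
   }
-  // See if the uid of the directory matches the effective uid of the process.
-  //
-  if (statp->st_uid != geteuid()) {
+  // If user is not root then see if the uid of the directory matches the effective uid of the process.
+  uid_t euid = geteuid();
+  if ((euid != 0) && (statp->st_uid != euid)) {
     // The directory was not created by this user, declare it insecure.
     //
     return false;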
