db-derby-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From kahat...@apache.org
Subject svn commit: r1492110 - in /db/derby/code/trunk/java: engine/org/apache/derby/impl/io/DirFile4.java testing/org/apache/derbyTesting/functionTests/tests/engine/RestrictiveFilePermissionsTest.java
Date Wed, 12 Jun 2013 08:28:35 GMT
Author: kahatlen
Date: Wed Jun 12 08:28:35 2013
New Revision: 1492110

URL: http://svn.apache.org/r1492110
Log:
DERBY-6258: Restrict permissions on BACKUP.HISTORY

Modified:
    db/derby/code/trunk/java/engine/org/apache/derby/impl/io/DirFile4.java
    db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/engine/RestrictiveFilePermissionsTest.java

Modified: db/derby/code/trunk/java/engine/org/apache/derby/impl/io/DirFile4.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/impl/io/DirFile4.java?rev=1492110&r1=1492109&r2=1492110&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/impl/io/DirFile4.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/impl/io/DirFile4.java Wed Jun 12 08:28:35
2013
@@ -37,6 +37,7 @@ import java.nio.channels.FileChannel;
 import java.nio.channels.FileLock;
 import java.nio.channels.OverlappingFileLockException;
 import org.apache.derby.iapi.error.StandardException;
+import org.apache.derby.iapi.services.io.FileUtil;
 import org.apache.derby.iapi.util.InterruptStatus;
 
 /**
@@ -111,7 +112,16 @@ class DirFile4 extends DirFile
      */
     public OutputStream getOutputStream( final boolean append) throws FileNotFoundException
     {
-        return new FileOutputStream( (File) this, append);
+        boolean existed = exists();
+        OutputStream result = new FileOutputStream( (File) this, append);
+
+        if (!existed) {
+            // The file didn't exist before and was created when the stream
+            // was opened. Restrict the permissions of the newly created file.
+            FileUtil.limitAccessToOwner(this);
+        }
+
+        return result;
     }
 
     public synchronized int getExclusiveFileLock() throws StandardException

Modified: db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/engine/RestrictiveFilePermissionsTest.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/engine/RestrictiveFilePermissionsTest.java?rev=1492110&r1=1492109&r2=1492110&view=diff
==============================================================================
--- db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/engine/RestrictiveFilePermissionsTest.java
(original)
+++ db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/engine/RestrictiveFilePermissionsTest.java
Wed Jun 12 08:28:35 2013
@@ -371,6 +371,12 @@ public class RestrictiveFilePermissionsT
         checkAccessToOwner(
             fbd, true, POSITIVE);
 
+        // DERBY-6258: When taking a backup, a file called BACKUP.HISTORY
+        // is created in the original database directory. Verify that its
+        // permissions are restricted.
+        final File db = new File(home, dbName);
+        checkAccessToOwner(db, true, POSITIVE);
+
         // Prepare to restore
         TestConfiguration.getCurrent().shutdownDatabase();
 
@@ -383,7 +389,6 @@ public class RestrictiveFilePermissionsT
             ds, "connectionAttributes", "restoreFrom=" + fullRestoreDir);
         final Connection con = ds.getConnection();
 
-        final File db = new File(home, dbName);
         checkAccessToOwner(
             db, true, POSITIVE);
 
@@ -771,8 +776,8 @@ public class RestrictiveFilePermissionsT
                                     } else {
                                         if (expectedOutcome == POSITIVE) {
                                             fail(
-                                                "unexpected uid has access: " +
-                                                princName);
+                                                "unexpected uid " + princName +
+                                                " can access file " + file);
                                         } else {
                                             someThingBeyondOwnerFound = true;
                                         }
@@ -794,6 +799,10 @@ public class RestrictiveFilePermissionsT
                                 Object perm = i.next();
 
                                 if (unwantedPermissions.contains(perm)) {
+                                    if (expectedOutcome == POSITIVE) {
+                                        fail("unwanted permission " + perm +
+                                             " for file " + file);
+                                    }
                                     someThingBeyondOwnerFound = true;
                                     break;
                                 }



Mime
View raw message