Date: Tue, 12 Apr 2011 19:32:06 +0000 (UTC)
From: "Tom White (JIRA)"
To: common-issues@hadoop.apache.org
Subject: [jira] [Commented] (HADOOP-6898) FileSystem.copyToLocal creates files with 777 permissions

    [ https://issues.apache.org/jira/browse/HADOOP-6898?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13019002#comment-13019002 ]

Tom White commented on HADOOP-6898:
-----------------------------------

+1

> FileSystem.copyToLocal creates files with 777 permissions
> ---------------------------------------------------------
>
>                 Key: HADOOP-6898
>                 URL: https://issues.apache.org/jira/browse/HADOOP-6898
>             Project: Hadoop Common
>          Issue Type: Bug
>          Components: fs, security
>            Reporter: Todd Lipcon
>            Assignee: Aaron T. Myers
>            Priority: Blocker
>             Fix For: 0.22.0
>
>         Attachments: hadoop-6898.0.txt
>
>
> FileSystem.copyToLocal ends up calling through to FileUtil.copy, which calls create() on the target file system without passing any permission object. Therefore, the file ends up getting created locally with 777 permissions, which is dangerous -- even if the caller then fixes up permissions afterwards, it exposes a window in which an attacker can open the file.

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
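
The following is an added example, not code from the JIRA issue, its attachment or the Hadoop code base. It uses plain Java NIO rather than Hadoop's FileSystem API to contrast the create-then-fix pattern the report describes with creating the file under its final mode. The class and method names are hypothetical, and it assumes Java 9+ on a POSIX file system.

```java
import java.io.*;
import java.nio.channels.Channels;
import java.nio.file.*;
import java.nio.file.attribute.*;
import java.util.Set;

public class SafeLocalCopy {
    // Pattern from the report: the file is created under the default mode and
    // only restricted once the data has been written.
    static void copyThenFix(InputStream in, Path dst, Set<PosixFilePermission> perms)
            throws IOException {
        try (OutputStream out = Files.newOutputStream(dst,
                StandardOpenOption.CREATE_NEW, StandardOpenOption.WRITE)) {
            in.transferTo(out); // window: dst is open to anyone the default mode allows
        }
        Files.setPosixFilePermissions(dst, perms); // too late for a handle opened earlier
    }

    // Hardened pattern: the mode is an argument of the creating call, so the file
    // never exists with wider permissions. CREATE_NEW also fails if the path was
    // pre-created by someone else.
    static void copyWithPerms(InputStream in, Path dst, Set<PosixFilePermission> perms)
            throws IOException {
        FileAttribute<Set<PosixFilePermission>> attr = PosixFilePermissions.asFileAttribute(perms);
        Set<StandardOpenOption> opts = Set.of(StandardOpenOption.CREATE_NEW, StandardOpenOption.WRITE);
        try (OutputStream out = Channels.newOutputStream(Files.newByteChannel(dst, opts, attr))) {
            in.transferTo(out);
        }
    }

    static String mode(Path p) throws IOException {
        return PosixFilePermissions.toString(Files.getPosixFilePermissions(p));
    }

    public static void main(String[] args) throws IOException {
        Path dir = Files.createTempDirectory("copy-demo");     // constructed scratch directory
        byte[] data = "constructed sample payload\n".getBytes();
        Set<PosixFilePermission> ownerOnly = PosixFilePermissions.fromString("rw-------");

        Path racy = dir.resolve("racy.txt");
        Files.createFile(racy);                                 // state during the window
        System.out.println("default mode during window: " + mode(racy)); // depends on umask
        Files.delete(racy);
        copyThenFix(new ByteArrayInputStream(data), racy, ownerOnly);
        System.out.println("after fix-up:               " + mode(racy));

        Path safe = dir.resolve("safe.txt");
        copyWithPerms(new ByteArrayInputStream(data), safe, ownerOnly);
        System.out.println("created with final mode:    " + mode(safe));
    }
}
```

The permissions passed at creation are still masked by the process umask, so the umask can only narrow the requested mode, never widen it.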