FAQ
FileSystem.copyToLocal creates files with 777 permissions
---------------------------------------------------------

Key: HADOOP-6898
URL: https://issues.apache.org/jira/browse/HADOOP-6898
Project: Hadoop Common
Issue Type: Bug
Components: fs, security
Reporter: Todd Lipcon
Priority: Critical
Fix For: 0.22.0


FileSystem.copyToLocal ends up calling through to FileUtil.copy, which calls create() on the target file system without passing any permission object. Therefore, the file ends up getting created locally with 777 permissions, which is dangerous -- even if the caller then fixes up permissions afterwards, it exposes a window in which an attacker can open the file.

--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

Search Discussions

Related Discussions

Discussion Navigation
viewthread | post
Discussion Overview
groupcommon-dev @
categorieshadoop
postedAug 4, '10 at 12:52a
activeAug 4, '10 at 12:52a
posts1
users1
websitehadoop.apache.org...
irc#hadoop

1 user in discussion

Todd Lipcon (JIRA): 1 post

People

Translate

site design / logo © 2022 Grokbase