[Bug classpath/24895] Directory traversal vulnerability in FilePermissio

bug-classpath

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Bug classpath/24895] Directory traversal vulnerability in FilePermissio

From:	gbenson at redhat dot com
Subject:	[Bug classpath/24895] Directory traversal vulnerability in FilePermission check
Date:	17 Nov 2005 11:33:32 -0000


------- Comment #2 from gbenson at redhat dot com  2005-11-17 11:33 -------
If File.getCanonicalFile() is used in fixing this then it would have the added
advantage of removing the cached FilePermission.CURRENT_DIRECTORY.  I know that
Java has no concept of changing the current directory (and I know that granting
permissions based on a relative path is asking for trouble!) but the current
setup still seems a touch fragile.


-- 


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=24895

[Prev in Thread]

Current Thread

[Next in Thread]

[Bug classpath/24895] New: Directory traversal vulnerability in FilePermission check, gbenson at redhat dot com, 2005/11/16
- [Bug classpath/24895] Directory traversal vulnerability in FilePermission check, gbenson at redhat dot com, 2005/11/16
- [Bug classpath/24895] Directory traversal vulnerability in FilePermission check, gbenson at redhat dot com, 2005/11/16
- [Bug classpath/24895] Directory traversal vulnerability in FilePermission check, gbenson at redhat dot com <=

Prev by Date: Re: [cp-patches] FYI: Releasing the first CORBA/Swing example ( two player network strategy game)
Next by Date: [Bug classpath/23183] SimpleDateFormat fails to render '' as single quotes
Previous by thread: [Bug classpath/24895] Directory traversal vulnerability in FilePermission check
Next by thread: [Bug classpath/24422] Proxy deserialization broken
Index(es):
- Date
- Thread