You are viewing a plain text version of this content. The canonical link for it is here.
Posted to derby-commits@db.apache.org by ka...@apache.org on 2013/06/25 13:36:27 UTC
svn commit: r1496425 - in /db/derby/code/branches/10.10: ./
java/engine/org/apache/derby/impl/io/DirFile4.java
java/testing/org/apache/derbyTesting/functionTests/tests/engine/RestrictiveFilePermissionsTest.java
Author: kahatlen
Date: Tue Jun 25 11:36:27 2013
New Revision: 1496425
URL: http://svn.apache.org/r1496425
Log:
DERBY-6258: Restrict permissions on BACKUP.HISTORY
Merged revision 1492110 from trunk.
Modified:
db/derby/code/branches/10.10/ (props changed)
db/derby/code/branches/10.10/java/engine/org/apache/derby/impl/io/DirFile4.java
db/derby/code/branches/10.10/java/testing/org/apache/derbyTesting/functionTests/tests/engine/RestrictiveFilePermissionsTest.java
Propchange: db/derby/code/branches/10.10/
------------------------------------------------------------------------------
Merged /db/derby/code/trunk:r1492110
Modified: db/derby/code/branches/10.10/java/engine/org/apache/derby/impl/io/DirFile4.java
URL: http://svn.apache.org/viewvc/db/derby/code/branches/10.10/java/engine/org/apache/derby/impl/io/DirFile4.java?rev=1496425&r1=1496424&r2=1496425&view=diff
==============================================================================
--- db/derby/code/branches/10.10/java/engine/org/apache/derby/impl/io/DirFile4.java (original)
+++ db/derby/code/branches/10.10/java/engine/org/apache/derby/impl/io/DirFile4.java Tue Jun 25 11:36:27 2013
@@ -37,6 +37,7 @@ import java.nio.channels.FileChannel;
import java.nio.channels.FileLock;
import java.nio.channels.OverlappingFileLockException;
import org.apache.derby.iapi.error.StandardException;
+import org.apache.derby.iapi.services.io.FileUtil;
import org.apache.derby.iapi.util.InterruptStatus;
/**
@@ -111,7 +112,16 @@ class DirFile4 extends DirFile
*/
public OutputStream getOutputStream( final boolean append) throws FileNotFoundException
{
- return new FileOutputStream( (File) this, append);
+ boolean existed = exists();
+ OutputStream result = new FileOutputStream( (File) this, append);
+
+ if (!existed) {
+ // The file didn't exist before and was created when the stream
+ // was opened. Restrict the permissions of the newly created file.
+ FileUtil.limitAccessToOwner(this);
+ }
+
+ return result;
}
public synchronized int getExclusiveFileLock() throws StandardException
Modified: db/derby/code/branches/10.10/java/testing/org/apache/derbyTesting/functionTests/tests/engine/RestrictiveFilePermissionsTest.java
URL: http://svn.apache.org/viewvc/db/derby/code/branches/10.10/java/testing/org/apache/derbyTesting/functionTests/tests/engine/RestrictiveFilePermissionsTest.java?rev=1496425&r1=1496424&r2=1496425&view=diff
==============================================================================
--- db/derby/code/branches/10.10/java/testing/org/apache/derbyTesting/functionTests/tests/engine/RestrictiveFilePermissionsTest.java (original)
+++ db/derby/code/branches/10.10/java/testing/org/apache/derbyTesting/functionTests/tests/engine/RestrictiveFilePermissionsTest.java Tue Jun 25 11:36:27 2013
@@ -371,6 +371,12 @@ public class RestrictiveFilePermissionsT
checkAccessToOwner(
fbd, true, POSITIVE);
+ // DERBY-6258: When taking a backup, a file called BACKUP.HISTORY
+ // is created in the original database directory. Verify that its
+ // permissions are restricted.
+ final File db = new File(home, dbName);
+ checkAccessToOwner(db, true, POSITIVE);
+
// Prepare to restore
TestConfiguration.getCurrent().shutdownDatabase();
@@ -383,7 +389,6 @@ public class RestrictiveFilePermissionsT
ds, "connectionAttributes", "restoreFrom=" + fullRestoreDir);
final Connection con = ds.getConnection();
- final File db = new File(home, dbName);
checkAccessToOwner(
db, true, POSITIVE);
@@ -777,8 +782,8 @@ public class RestrictiveFilePermissionsT
} else {
if (expectedOutcome == POSITIVE) {
fail(
- "unexpected uid has access: " +
- princName);
+ "unexpected uid " + princName +
+ " can access file " + file);
} else {
someThingBeyondOwnerFound = true;
}
@@ -800,6 +805,10 @@ public class RestrictiveFilePermissionsT
Object perm = i.next();
if (unwantedPermissions.contains(perm)) {
+ if (expectedOutcome == POSITIVE) {
+ fail("unwanted permission " + perm +
+ " for file " + file);
+ }
someThingBeyondOwnerFound = true;
break;
}