Posted to common-issues@hadoop.apache.org by "arp7 (via GitHub)" <gi...@apache.org> on 2023/05/10 19:10:22 UTC

[GitHub] [hadoop] arp7 commented on a diff in pull request #4998: HADOOP-18235. vulnerability: we may leak sensitive information in LocalKeyStoreProvider

arp7 commented on code in PR #4998:
URL: https://github.com/apache/hadoop/pull/4998#discussion_r1190300509


##########
hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/alias/LocalKeyStoreProvider.java:
##########
@@ -142,20 +142,26 @@ protected void initFileSystem(URI uri)
 
   @Override
   public void flush() throws IOException {
-    super.flush();
-    if (LOG.isDebugEnabled()) {
-      LOG.debug("Resetting permissions to '" + permissions + "'");
-    }
-    if (!Shell.WINDOWS) {
-      Files.setPosixFilePermissions(Paths.get(file.getCanonicalPath()),
-          permissions);
-    } else {
-      // FsPermission expects a 10-character string because of the leading
-      // directory indicator, i.e. "drwx------". The JDK toString method returns
-      // a 9-character string, so prepend a leading character.
-      FsPermission fsPermission = FsPermission.valueOf(
-          "-" + PosixFilePermissions.toString(permissions));
-      FileUtil.setPermission(file, fsPermission);
+    super.getWriteLock().lock();
+    try {
+      file.createNewFile();
+      if (LOG.isDebugEnabled()) {
+        LOG.debug("Resetting permissions to '" + permissions + "'");
+      }
+      if (!Shell.WINDOWS) {
+        Files.setPosixFilePermissions(Paths.get(file.getCanonicalPath()),
+            permissions);
+      } else {
+        // FsPermission expects a 10-character string because of the leading
+        // directory indicator, i.e. "drwx------". The JDK toString method returns
+        // a 9-character string, so prepend a leading character.
+        FsPermission fsPermission = FsPermission.valueOf(
+            "-" + PosixFilePermissions.toString(permissions));
+        FileUtil.setPermission(file, fsPermission);
+      }
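
Review bot: There is a window between `file.createNewFile()` and `Files.setPosixFilePermissions(...)` in the new `flush()` body during which a freshly created file carries the process's default umask-derived mode rather than `permissions`. On the non-Windows branch, consider creating the file with its final mode in one step, for example `Files.createFile(path, PosixFilePermissions.asFileAttribute(permissions))`, and handling `FileAlreadyExistsException` for the case where it already exists. The boolean returned by `createNewFile()` is also discarded, so a file that was already present is not distinguished from one this call created; logging or branching on that result would make the behaviour explicit. The visible lines end before the `try` block closes, so please confirm that the write lock is released in a `finally` and that the keystore write (previously `super.flush()`) happens only after the permissions have been applied.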

Review Comment:
   @saxenapranav I don't believe this is an issue. If this process has successfully got a write handle then it is assumed no one else is actively writing to the file.


