JDK-8017212 : File.createTempFile requires unnecessary "read" permission
  • Type: Bug
  • Component: core-libs
  • Sub-Component: java.io
  • Affected Version: 6u85,7u40,8
  • Priority: P2
  • Status: Closed
  • Resolution: Fixed
  • Submitted: 2013-06-20
  • Updated: 2015-02-02
  • Resolved: 2013-07-11
  • JDK 6: 6u91 (Fixed)
  • JDK 7: 7u76 (Fixed)
  • JDK 8: 8 b100 (Fixed)
Description
This is a regression introduced with the fix for JDK-8013827. The code now checks whether the file exists before creating a new temp file, as opposed to earlier, where an attempt was made to create the file.

Code snippet:

        File f;
        try {
            do {
                f = TempDirectory.generateFile(prefix, suffix, tmpdir);
            } while (f.exists());   // exists() goes through SecurityManager.checkRead
            if (!f.createNewFile())
                throw new IOException("Unable to create temporary file");
        } catch (SecurityException se) {

The call to f.exists() now requires "read" permission to be granted to applications that only need to write a temp file.

Error:
java.security.AccessControlException: access denied 


Exception stack trace:

java.security.AccessControlException: access denied ("java.io.FilePermission" "/tmp/abcd#4910205138484207578.tmp" "read")
	at java.security.AccessControlContext.checkPermission(AccessControlContext.java:453)
	at java.security.AccessController.checkPermission(AccessController.java:820)
	at java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
	at java.lang.SecurityManager.checkRead(SecurityManager.java:888)
	at java.io.File.exists(File.java:814)
	at java.io.File.createTempFile(File.java:2003)
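
The difference between the two patterns can be reproduced outside the JDK sources. The following is an added example, not code from the JDK or from the fix for this issue: the class names, the constructed deny-read policy and the directory name `jdk8017212-demo` are assumptions, and it needs a JDK that still allows installing a SecurityManager, such as the JDK 8 line this report concerns.

```java
import java.io.File;
import java.io.FilePermission;
import java.io.IOException;
import java.security.Permission;

public class TempFileReadCheck {
    // Constructed policy: deny "read" on paths under dir, allow everything else.
    static class DenyReadUnder extends SecurityManager {
        private final String dir;
        DenyReadUnder(String dir) { this.dir = dir; }
        @Override public void checkPermission(Permission p) {
            if (p instanceof FilePermission && p.getName().startsWith(dir)
                    && p.getActions().contains("read"))
                throw new SecurityException("access denied " + p);
        }
    }

    static File candidate(File dir) { return new File(dir, "abcd" + System.nanoTime() + ".tmp"); }

    // Pattern from the report: probe with exists(), then create.
    static File probeThenCreate(File dir) throws IOException {
        File f;
        do { f = candidate(dir); } while (f.exists());   // checkRead: needs "read"
        if (!f.createNewFile())
            throw new IOException("Unable to create temporary file");
        return f;
    }

    // Create-first pattern: the atomic create itself reports a name collision.
    static File createOnly(File dir) throws IOException {
        File f;
        do { f = candidate(dir); } while (!f.createNewFile()); // checkWrite only
        return f;
    }

    public static void main(String[] args) throws IOException {
        File dir = new File(System.getProperty("java.io.tmpdir"), "jdk8017212-demo");
        dir.mkdirs();                                   // done before the policy applies
        System.setSecurityManager(new DenyReadUnder(dir.getPath()));
        try {
            probeThenCreate(dir);
            System.out.println("probeThenCreate: created");
        } catch (SecurityException se) {
            System.out.println("probeThenCreate: " + se.getMessage());
        }
        File f = createOnly(dir);
        System.out.println("createOnly: created " + f.getName());
        f.delete();
    }
}
```

Under this policy the first call fails on the "read" check raised by `exists()`, while the create-first loop succeeds because `createNewFile()` only goes through `checkWrite`.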
Comments
No issues with the fix in 7u-dev core-libs nightly. SQE OK to take the fix in PSU15_01
06-11-2014

PSU15_01-critical-request justification
  • Fix for Release: 8
  • Justification: the fix of a regression introduced in 7u40
  • Risk Analysis: Low (The fix consists only of a few line changes, which are obviously correct)
  • Webrev: http://cr.openjdk.java.net/~igerasim/8017212/0/webrev/
  • Testing (done/to-be-done): The fix has existed in 8 and 9 for more than a year. Regression tests provided.
  • Back ports (done/to-be-done): done: 7u80, 6u91 / to be done: 7u76
  • FX Impact: none
05-11-2014

This is a very low-impact regression that will appear in jdk8-b96 once the changes get into master. As the fix was back-ported to 7u40 then it will appear there too and so needs to be fixed.
21-06-2013

For DKFL: Permissions/FileTempTest

java version "1.8.0-ea"
Java(TM) SE Runtime Environment (build 1.8.0-ea-langtools-nightly-h4845-20130619-b95-b00)
Java HotSpot(TM) Client VM (build 25.0-b37, mixed mode)

java.security.AccessControlException: access denied ("java.io.FilePermission" "/tmp/abcd#4910205138484207578.tmp" "read")
	at java.security.AccessControlContext.checkPermission(AccessControlContext.java:453)
	at java.security.AccessController.checkPermission(AccessController.java:820)
	at java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
	at java.lang.SecurityManager.checkRead(SecurityManager.java:888)
	at java.io.File.exists(File.java:814)
	at java.io.File.createTempFile(File.java:2003)
	at FileTempTest.run(FileTempTest.java:46)
	at SecurityTest.verify(SecurityTest.java:76)
	at FileTempTest.main(FileTempTest.java:60)

java.security.AccessControlException: access denied ("java.io.FilePermission" "C:\Users\aurora\AppData\Local\Temp\1\abcd#2762385893958828752.tmp" "read")
	at java.security.AccessControlContext.checkPermission(AccessControlContext.java:453)
	at java.security.AccessController.checkPermission(AccessController.java:820)
	at java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
	at java.lang.SecurityManager.checkRead(SecurityManager.java:888)
	at java.io.File.exists(File.java:814)
	at java.io.File.createTempFile(File.java:2003)
	at FileTempTest.run(FileTempTest.java:46)
	at SecurityTest.verify(SecurityTest.java:76)
	at FileTempTest.main(FileTempTest.java:60)
20-06-2013