JDK-8218418 : (fs) Files.createSymbolicLink should use SYMBOLIC_LINK_FLAG_ALLOW_UNPRIVILEGED_CREATE (win)
  • Type: Enhancement
  • Component: core-libs
  • Sub-Component: java.nio
  • Priority: P4
  • Status: Resolved
  • Resolution: Fixed
  • OS: windows_10
  • CPU: x86_64
  • Submitted: 2019-02-04
  • Updated: 2019-06-26
  • Resolved: 2019-04-01
JDK 13: 13 b15 (Fixed)
Related Reports
Relates :  
Sub Tasks
JDK-8226801 :  
Description
A DESCRIPTION OF THE PROBLEM :
Newer builds of Windows 10 with developer mode enabled (and in the future possibly baseline) allow creation of symlinks without elevated privileges by passing the flag SYMBOLIC_LINK_FLAG_ALLOW_UNPRIVILEGED_CREATE (0x2) to the CreateSymbolicLinkW system call. The WindowsFileSystem createSymbolicLink method doesn't pass this flag to the system call, making it fail needlessly when the user doesn't have elevated permissions. Passing the flag when this feature isn't enabled does nothing, so always passing the flag seems like the right thing to do.



Comments
[~psonal] Thank you for sending e-mail to the submitter, but I determined that my testing was incorrect. I had mistakenly used Files.createLink() in the test above where I should have used Files.createSymbolicLink(). The correct test is

<code>
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;

public class CreateLink {
    // args[0]: path of the link to create; args[1]: path of the file it points to
    public static void main(String[] args) throws IOException {
        Path link = Path.of(args[0]);
        Path existing = Path.of(args[1]);
        // Create the target file if it does not exist yet
        if (!Files.exists(existing)) {
            existing = Files.createFile(existing);
        }
        // Create the symbolic link
        Path path = Files.createSymbolicLink(link, existing);
    }
}
</code>

With the above change I was able to verify that without the flag SYMBOLIC_LINK_FLAG_ALLOW_UNPRIVILEGED_CREATE, a standard user could not create a symbolic link whether or not Developer Mode was enabled in Windows 10, but with the addition of the flag, a standard user can create a symbolic link when Developer Mode is enabled. So the patch as it exists is good and no more information is needed from the submitter.
29-03-2019
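
A probe for repeating the check described in the comment above on a given account and JDK build, as an added example that is not part of the bug report or the JDK sources. The class name SymlinkProbe and the Result enum are hypothetical; it only uses standard java.nio.file calls and works in a fresh temporary directory.

```java
import java.io.IOException;
import java.nio.file.FileSystemException;
import java.nio.file.Files;
import java.nio.file.Path;

// Added example: SymlinkProbe and Result are hypothetical names, not JDK code.
public class SymlinkProbe {
    enum Result { CREATED, FAILED, UNSUPPORTED }

    // Tries to create a symbolic link inside dir and reports the outcome.
    static Result probe(Path dir) throws IOException {
        Path target = Files.createFile(dir.resolve("target.txt"));
        Path link = dir.resolve("link.txt");
        try {
            Files.createSymbolicLink(link, target);
            // Confirm a real symbolic link exists and resolves to the target.
            if (!Files.isSymbolicLink(link) || !Files.isSameFile(link, target)) {
                throw new IOException("link created but does not resolve to target");
            }
            return Result.CREATED;
        } catch (UnsupportedOperationException e) {
            // The file system provider has no symbolic link support.
            return Result.UNSUPPORTED;
        } catch (FileSystemException e) {
            // Any OS-level refusal, including AccessDeniedException, lands here.
            System.err.println("createSymbolicLink failed: " + e.getReason());
            return Result.FAILED;
        } finally {
            // deleteIfExists removes the link itself, not the file it points to.
            Files.deleteIfExists(link);
            Files.deleteIfExists(target);
        }
    }

    public static void main(String[] args) throws IOException {
        Path dir = Files.createTempDirectory("symlink-probe");
        try {
            // Record the platform and JDK so runs on different builds can be compared.
            System.out.printf("os=%s java=%s feature=%d%n",
                    System.getProperty("os.name"),
                    System.getProperty("java.version"),
                    Runtime.version().feature());
            System.out.println("result=" + probe(dir));
        } finally {
            Files.deleteIfExists(dir);
        }
    }
}
```

Running it as a standard user on a JDK build before and after 13 b15, with Developer Mode on and off, gives the four combinations the comment compares.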

Sent an email to the submitter requesting test code and a scenario where the enhancement will help.
29-03-2019

The flag SYMBOLIC_LINK_FLAG_ALLOW_UNPRIVILEGED_CREATE appears to have been added in Windows 10 build 14972: https://blogs.windows.com/buildingapps/2016/12/02/symlinks-windows-10/.
25-03-2019

I have not been able to verify whether this change accomplishes anything on Windows Server 2016. I created a small test

<code>
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;

public class CreateLink {
    // args[0]: path of the link to create; args[1]: path of the existing file
    public static void main(String[] args) throws IOException {
        Path link = Path.of(args[0]);
        Path existing = Path.of(args[1]);
        // Create the target file if it does not exist yet
        if (!Files.exists(existing)) {
            existing = Files.createFile(existing);
        }
        // Create the link
        Path path = Files.createLink(link, existing);
    }
}
</code>

and ran it as a standard user attempting to create a link in one of the user's folders to a file in an Administrator's folder. This failed with an AccessDeniedException. The test was executed in a PowerShell which was launched from an Administrator PowerShell using the "runas /user:test" command. There was no difference in the result whether Developer Mode was enabled or not. The test however did succeed when attempting to create a link to a file in the user's own folder, again independent of whether Developer Mode was enabled. Also, I attempted to use the "mklink" command in a standard user command prompt and this failed with Developer Mode enabled and disabled. So I suppose either my testing methodology was incorrect, or the operating system version was not recent enough to enable allowing a standard user to create symbolic links without having elevated permissions.
21-03-2019

This seems a reasonable suggestion.
05-02-2019