This Bugzilla instance is a read-only archive of historic NetBeans bug reports. To report a bug in NetBeans please follow the project's instructions for reporting issues.

Bug 36047 - Should ensure that %USERDIR%\lock is not readable by other users
Summary: Should ensure that %USERDIR%\lock is not readable by other users
Status: RESOLVED WONTFIX
Alias: None
Product: platform
Classification: Unclassified
Component: -- Other -- (show other bugs)
Version: 3.x
Hardware: PC Windows XP
: P2 blocker (vote)
Assignee: _ ttran
URL:
Keywords:
Depends on:
Blocks: 32054 36472
  Show dependency tree
 
Reported: 2003-09-11 19:17 UTC by Jesse Glick
Modified: 2008-12-22 21:49 UTC (History)
2 users (show)

See Also:
Issue Type: ENHANCEMENT
Exception Reporter:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Jesse Glick 2003-09-11 19:17:53 UTC 
org.netbeans.CLIHandler in the trunk does a chmod
go-rwx $userdir/lock, when chmod is available (in
/bin or /usr/bin). This is useful so that even if
$userdir is world-readable (which is often the
case), other users will not be able to read the
lock file and so connect to the NB instance (e.g.
to open some file maliciously?).

On Windows running e.g. a Hydra terminal server,
it would be useful to do something similar. Yarda
suggested that the ATTRIB command would do
something like this. I have no Windows machine to
test it on, however.
Comment 1 Jaroslav Tulach 2004-04-14 10:27:01 UTC 
Trung, do we have any plans with this for promoD? It would make the
architecture a bit more secure...
Comment 2 _ ttran 2004-04-15 13:56:49 UTC 
won't work on windows.  It has quite advanced ACL system but I doubt
we can access it from java without JNI
Comment 3 Jaroslav Tulach 2004-07-26 09:16:22 UTC 
Looks like we can easily live without it until a real security issue
is found.