HADOOP-19031. Enhance access control for RunJar. (#6427). Contributed by He Xiaoqiao.

Signed-off-by: Shuyan Zhang <zhangshuyan@apache.org>
Signed-off-by: Shilun Fan <slfan1989@apache.org>
Signed-off-by: Ayush Saxena <ayushsaxena@apache.org>
Hexiaoqiao 2024-01-17 15:00:06 +08:00 committed by GitHub
parent 7b1570e2f1
commit 9634bd31e6
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194


@ -28,10 +28,14 @@
import java.net.URL;
import java.net.URLClassLoader;
import java.nio.file.Files;
import java.nio.file.attribute.FileAttribute;
import java.nio.file.attribute.PosixFilePermission;
import java.nio.file.attribute.PosixFilePermissions;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Enumeration;
import java.util.List;
import java.util.Set;
import java.util.jar.JarEntry;
import java.util.jar.JarFile;
import java.util.jar.JarInputStream;
@ -287,20 +291,18 @@ public void run(String[] args) throws Throwable {
final File workDir;
try {
workDir = File.createTempFile("hadoop-unjar", "", tmpDir);
} catch (IOException ioe) {
FileAttribute<Set<PosixFilePermission>> perms = PosixFilePermissions
.asFileAttribute(PosixFilePermissions.fromString("rwx------"));
workDir = Files.createTempDirectory(tmpDir.toPath(), "hadoop-unjar", perms).toFile();
} catch (IOException | SecurityException e) {
// If user has insufficient perms to write to tmpDir, default
// "Permission denied" message doesn't specify a filename.
System.err.println("Error creating temp dir in java.io.tmpdir "
+ tmpDir + " due to " + ioe.getMessage());
+ tmpDir + " due to " + e.getMessage());
System.exit(-1);
return;
}
if (!workDir.delete()) {
System.err.println("Delete failed for " + workDir);
System.exit(-1);
}
ensureDirectory(workDir);
ShutdownHookManager.get().addShutdownHook(