- Problem Statement
JNA creates a temporary folder at a known location (harcoded path: /tmp/jna) to do its deed.
Unlike the system's temporary folder, it doesn't set the sticky bit on it... so on multi user systems, several problems arise :
- Suggested changes
I've located at least two separate occurences of the problem:
|
static File getTempDir() throws IOException { |
(runtime error + security vulnerability)
|
private void createDir() throws FileNotFoundException { |
(just a security vulnerability)
In both cases, the easy fix is to make the directory name "instance" specific with an unpredictable path:
https://docs.oracle.com/javase/7/docs/api/java/nio/file/Files.html#createTempDirectory(java.lang.String,%20java.nio.file.attribute.FileAttribute...)
- Version information
Seems irrelevant... but it does affect 4.5.1
JNA creates a temporary folder at a known location (harcoded path: /tmp/jna) to do its deed.
Unlike the system's temporary folder, it doesn't set the sticky bit on it... so on multi user systems, several problems arise :
I've located at least two separate occurences of the problem:
jna/src/com/sun/jna/Native.java
Line 1277 in d42375c
jna/contrib/platform/src/com/sun/jna/platform/win32/COM/tlb/TlbImp.java
Line 138 in ea9de70
In both cases, the easy fix is to make the directory name "instance" specific with an unpredictable path:
https://docs.oracle.com/javase/7/docs/api/java/nio/file/Files.html#createTempDirectory(java.lang.String,%20java.nio.file.attribute.FileAttribute...)
Seems irrelevant... but it does affect 4.5.1