Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-6604991

(spec) File.mkdirs can throw unexpected SecurityException

    Details

    • Type: Bug
    • Status: Open
    • Priority: P4
    • Resolution: Unresolved
    • Affects Version/s: 1.4.1
    • Fix Version/s: tbd
    • Component/s: core-libs
    • Labels:
    • Subcomponent:
    • Understanding:
      Cause Known
    • Introduced In Version:
    • CPU:
      x86
    • OS:
      linux

      Description

      Specification for java.io.File.mkdirs looks as follows:

      -----------------------------
      public boolean mkdirs()
      ................
          Throws:
              SecurityException - If a security manager exists and its SecurityManager.checkRead(java.lang.String) method does not permit verification of the existence of the named directory and all necessary parent directories; or if the SecurityManager.checkWrite(java.lang.String) method does not permit the named directory and all necessary parent directories to be created
      -----------------------------

      JDK's implementation of this method looks as follows:
      -----------------------------
              if (exists()) {
                  return false;
              }
              if (mkdir()) {
                  return true;
              }
              File canonFile = null;
              try {
                  canonFile = getCanonicalFile();
              } catch (IOException e) {
                  return false;
              }

              File parent = canonFile.getParentFile();
              return (parent != null && (parent.mkdirs() || parent.exists()) &&
                      canonFile.mkdir());

      -----------------------------

      Specification of java.io.getCanonicalFile method look as follows:

      -----------------------------
      public File getCanonicalFile()
                            throws IOException

      ..............
          Throws:
      ..............
              SecurityException - If a required system property value cannot be accessed, or if a security manager exists and its SecurityManager.checkRead(java.io.FileDescriptor) method denies read access to the file

      -----------------------------


      Merging all this info together following result is achieved:

      java.io.File.mkdirs() invokes getCanonicalFile() which can throw SecurityException "if a required system property value cannot be accessed" (so if current security policy does not allow to read "user.dir" property).

      This exception is not caught inside 'mkdirs()' so java.io.File.mkdirs can throw SE if current security policy does not allow to read "user.dir" property.

      However such option of SE throwing is not specified for java.io.File.mkdirs method.

      It means contradiction between API spec and implementation.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                Unassigned
                Reporter:
                sreznick Sergey Reznick (Inactive)
              • Votes:
                0 Vote for this issue
                Watchers:
                0 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Imported:
                  Indexed: