This Bugzilla instance is a read-only archive of historic NetBeans bug reports. To report a bug in NetBeans please follow the project's instructions for reporting issues.

Bug 36047

Summary: Should ensure that %USERDIR%\lock is not readable by other users
Product: platform Reporter: Jesse Glick <jglick>
Component: -- Other --Assignee: _ ttran <ttran>
Status: RESOLVED WONTFIX    
Severity: blocker CC: jtulach, pzajac
Priority: P2    
Version: 3.x   
Hardware: PC   
OS: Windows XP   
Issue Type: ENHANCEMENT Exception Reporter:
Bug Depends on:    
Bug Blocks: 32054, 36472    

Description Jesse Glick 2003-09-11 19:17:53 UTC 
org.netbeans.CLIHandler in the trunk does a chmod
go-rwx $userdir/lock, when chmod is available (in
/bin or /usr/bin). This is useful so that even if
$userdir is world-readable (which is often the
case), other users will not be able to read the
lock file and so connect to the NB instance (e.g.
to open some file maliciously?).

On Windows running e.g. a Hydra terminal server,
it would be useful to do something similar. Yarda
suggested that the ATTRIB command would do
something like this. I have no Windows machine to
test it on, however.
Comment 1 Jaroslav Tulach 2004-04-14 10:27:01 UTC 
Trung, do we have any plans with this for promoD? It would make the
architecture a bit more secure...
Comment 2 _ ttran 2004-04-15 13:56:49 UTC 
won't work on windows.  It has quite advanced ACL system but I doubt
we can access it from java without JNI
Comment 3 Jaroslav Tulach 2004-07-26 09:16:22 UTC 
Looks like we can easily live without it until a real security issue
is found.