Skip to content

use Files.createTempFile for owner-only groovysh/groovyc temp files#2652

Merged
paulk-asert merged 1 commit into
apache:masterfrom
netliomax25-code:tooling-temp-file-permissions
Jul 1, 2026
Merged

use Files.createTempFile for owner-only groovysh/groovyc temp files#2652
paulk-asert merged 1 commit into
apache:masterfrom
netliomax25-code:tooling-temp-file-permissions

Conversation

@netliomax25-code

Copy link
Copy Markdown
Contributor
  1. groovysh /less and /nano write the interactive session buffer to a temp file created with java.io.File.createTempFile, which under a typical umask (022) is created world-readable (rw-r--r--). The buffer often holds connection strings, tokens, or credentials the user has typed.
  2. Groovyc.addSourceFiles writes the forked compilers source-file list to a temp file the same way when the command line exceeds the Windows length limit.
  3. On a shared host any other local user can then read these artifacts. This is the same CWE-377/378 class already addressed for temp directories by moving to NIO (the CVE-2020-17521 fix, listed as property P4 in THREAT_MODEL.md), but these temp files were still using the java.io API.

Switched the three sites to java.nio.file.Files.createTempFile(...).toFile(), which yields owner-only (rw-------) permissions on POSIX. Behavior for the owning user is unchanged; the forked compiler and the jline pager run as the same user, so the tighter mode does not affect them.

Verified locally that java.io.File.createTempFile produces rw-r--r-- under umask 022 while Files.createTempFile produces rw-------; the two modules compile cleanly.

@testlens-app

testlens-app Bot commented Jul 1, 2026

Copy link
Copy Markdown

✅ All tests passed ✅

🏷️ Commit: 859178d
▶️ Tests: 102571 executed
⚪️ Checks: 23/23 completed


Learn more about TestLens at testlens.app.

@paulk-asert paulk-asert merged commit 210ab01 into apache:master Jul 1, 2026
24 checks passed
@paulk-asert

Copy link
Copy Markdown
Contributor

Merged. Thanks!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants