Message12924

Author jeff.allen
Recipients jeff.allen, kseifried, zyasoft
Date 2020-01-26.13:38:38
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1580045919.13.0.879621903382.issue2044@roundup.psfhosted.org>
In-reply-to
Content
I have a fix for this that will make private (rw to the owner only) compiled classes and the package cache, however permissive the umask. This does not affect files created by Python applications in general.

A user (or administrator) setting umask 0 is asking for trouble, and the system is only giving him what he asked for. However, he may have wanted permissive settings on files created by the application in a particular run, and be unaware of retained compiled files and the package cache then affecting later invocations. So I appreciate the argument in favour of restricting those files.

Observations on Linux, before the fix:

jeff@nahum:~/dev/jython-trunk$ umask 0
jeff@nahum:~/dev/jython-trunk$ ant
jeff@nahum:~/dev/jython-trunk$ ls -lG dist/Lib/as*.class
-rw-rw-rw- 1 jeff 26339 Jan 26 13:15 'dist/Lib/ast$py.class'
-rw-rw-rw- 1 jeff 18772 Jan 26 13:15 'dist/Lib/asynchat$py.class'
-rw-rw-rw- 1 jeff 37578 Jan 26 13:15 'dist/Lib/asyncore$py.class'
jeff@nahum:~/dev/jython-trunk$ dist/bin/jython -c "6*7"
jeff@nahum:~/dev/jython-trunk$ ls -lG dist/cachedir/packages/p*
-rw-rw-rw- 1 jeff 7592 Jan 26 13:19 dist/cachedir/packages/packages.idx
-rw-rw-rw- 1 jeff 4310 Jan 26 13:19 dist/cachedir/packages/postgresql-42.1.1.jre7.pkc
-rw-rw-rw- 1 jeff 1431 Jan 26 13:19 dist/cachedir/packages/profile.pkc

The class files are those created by compilation during the build. On the patched version:

jeff@nahum:~/jydev/Jython20200126$ umask 0
jeff@nahum:~/jydev/Jython20200126$ ant
jeff@nahum:~/jydev/Jython20200126$ ls -lG dist/Lib/as*.class
-rw------- 1 jeff 26339 Jan 26 13:16 'dist/Lib/ast$py.class'
-rw------- 1 jeff 18772 Jan 26 13:16 'dist/Lib/asynchat$py.class'
-rw------- 1 jeff 37578 Jan 26 13:16 'dist/Lib/asyncore$py.class'
jeff@nahum:~/jydev/Jython20200126$ dist/bin/jython -c "6*7"
jeff@nahum:~/jydev/Jython20200126$ ls -lG dist/cachedir/packages/p*
-rw------- 1 jeff 8008 Jan 26 13:24 dist/cachedir/packages/packages.idx
-rw------- 1 jeff 4314 Jan 26 13:24 dist/cachedir/packages/postgresql-42.1.1.jre7.pkc
-rw------- 1 jeff 1435 Jan 26 13:24 dist/cachedir/packages/profile.pkc

I'll give some thought to the location of the package cache as a separate step. Obviously no shared installation location should be writable by general users, so if it is not relocated to user storage, presumably it is ineffective?
History
Date User Action Args
2020-01-26 13:38:39jeff.allensetmessageid: <1580045919.13.0.879621903382.issue2044@roundup.psfhosted.org>
2020-01-26 13:38:39jeff.allensetrecipients: + jeff.allen, zyasoft, kseifried
2020-01-26 13:38:39jeff.allenlinkissue2044 messages
2020-01-26 13:38:38jeff.allencreate