Details
-
Bug
-
Status: Resolved
-
Minor
-
Resolution: Duplicate
-
None
-
None
-
None
Description
See CVE-2020-8908. Guava's Files#createTempDir creates files that are world-readable. Phoenix has some test code that uses this API. Chances are eventually someone's security vulnerability scanner will ding you. Not urgent to fix, but the fix is simple:
"We recommend migrating to the Java 7 API java.nio.file.Files.createTempDirectory() which explicitly configures permissions of 700, or configuring the Java runtime's java.io.tmpdir system property to point to a location whose permissions are appropriately configured."
Attachments
Issue Links
- duplicates
-
PHOENIX-6576 Do not use guava's Files.createTempDir()
- Resolved