sman-81 commented on code in PR #554: URL: https://github.com/apache/maven-surefire/pull/554#discussion_r1059393355
########## surefire-api/src/main/java/org/apache/maven/surefire/api/util/TempFileManager.java: ##########

@@ -180,6 +180,8 @@ public synchronized File createTempFile( String prefix, String suffix ) throw new UncheckedIOException( new IOException( "Unable to create temporary directory " + tempDir.getAbsolutePath() ) ); } + // try to make temp file directory writable for all + tempDir.setWritable( true, false );

Review Comment:
The aim of the original PR was to stop Surefire from bloating the system temp directory by instead having it write into a subdirectory 'surefire'. The subdirectory was only writeable by the user that created it. So Surefire would fail if another user ran tests on the same machine (before reboot or otherwise cleaning up temp). Thus the user suffix is introduced by this PR. As user names may contain characters illegal in directory names, there is a risk, even though small or theoretic, that two users have identically named temp subdirectories. By making the directory writeable for all, this risk is eliminated. Until very recently Surefire wrote to system temp which by definition is shared by all users and was never a security concern to anyone. This PR leaves this semantic untouched.
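
Review bot: The added `tempDir.setWritable( true, false );` discards its boolean result, so if the permission change fails the method carries on silently and the multi-user failure this line is meant to prevent returns with no diagnostic. The lines just above throw an `UncheckedIOException` when the directory cannot be created; this call deserves at least a logged warning when it returns `false`. Passing `false` for `ownerOnly` also makes the directory writable by every local account, and `File.setWritable` sets no sticky bit, so unlike a typical Unix system temp directory any user can delete or replace another user's files inside it. Consider keeping the directory owner-only and relying on the per-user suffix, or creating it with explicit POSIX permissions through `java.nio.file.Files`, and extend the `// try to make temp file directory writable for all` comment to state why world-writable access is required.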