From 0f08d051974d840ca898d7d0b888a679e4dee248 Mon Sep 17 00:00:00 2001
From: Sven Gothel
Date: Tue, 22 Sep 2015 00:54:01 +0200
Subject: Bug 1219: IOUtil.testDirExe: Disable 'existingExe' DEBUG_EXE feature by hardcoded 'DEBUG_EXE_EXISTING_FILE = false' This is required for security, i.e. not allowing to execute any pre-existing files! In case we need to manually debug this issue, we can re-enable it manually and locally, but not in public builds!
---
src/java/com/jogamp/common/util/IOUtil.java | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
(limited to 'src/java')
diff --git a/src/java/com/jogamp/common/util/IOUtil.java b/src/java/com/jogamp/common/util/IOUtil.java
index 62144fc..59b0c9d 100644
--- a/src/java/com/jogamp/common/util/IOUtil.java
+++ b/src/java/com/jogamp/common/util/IOUtil.java
@@ -65,12 +65,15 @@ public class IOUtil {
 public static final boolean DEBUG;
 private static final boolean DEBUG_EXE;
 private static final boolean DEBUG_EXE_NOSTREAM;
+ private static final boolean DEBUG_EXE_EXISTING_FILE;
 static {
 Debug.initSingleton();
 DEBUG = Debug.debug("IOUtil");
 DEBUG_EXE = PropertyAccess.isPropertyDefined("jogamp.debug.IOUtil.Exe", true);
 DEBUG_EXE_NOSTREAM = PropertyAccess.isPropertyDefined("jogamp.debug.IOUtil.Exe.NoStream", true);
+ // For security reasons, we have to hardcode this, i.e. disable this manual debug feature!
+ DEBUG_EXE_EXISTING_FILE = false; // PropertyAccess.isPropertyDefined("jogamp.debug.IOUtil.Exe.ExistingFile", true);
 }
 /** Std. temporary directory property key java.io.tmpdir. */
@@ -918,7 +921,7 @@ public class IOUtil {
 final File exeTestFile;
 final boolean existingExe;
 try {
- final File permExeTestFile = DEBUG_EXE ? new File(dir, "jogamp_exe_tst"+getExeTestFileSuffix()) : null;
+ final File permExeTestFile = DEBUG_EXE_EXISTING_FILE ? new File(dir, "jogamp_exe_tst"+getExeTestFileSuffix()) : null;
 if( null != permExeTestFile && permExeTestFile.exists() ) {
 exeTestFile = permExeTestFile;
 existingExe = true;
-- cgit v1.2.3
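Review bot: The comment added in the static initializer says only "For security reasons" and keeps the disabled property read as trailing commented-out code, so a later maintainer cannot see what the risk is and can restore the old behaviour by moving one comment marker. The comment should state the reason, for example `// Never run a file that already exists in the tested directory, it may not have been written by us; keep this a constant, never a property.` Because the value is now fixed, the flag could also be initialised at its declaration, `private static final boolean DEBUG_EXE_EXISTING_FILE = false;`, which makes it a compile-time constant instead of a blank final assigned in the static block.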
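Review bot: With `DEBUG_EXE_EXISTING_FILE` fixed to `false`, `permExeTestFile` is always `null` in this `try` block, so the `if( null != permExeTestFile && permExeTestFile.exists() )` branch and its `existingExe = true` can no longer be reached. The path that selects a pre-existing `jogamp_exe_tst` file nevertheless stays in the shipped class. Removing that branch, or at least marking it with a comment such as `// unreachable in public builds, see DEBUG_EXE_EXISTING_FILE`, would make the intent explicit and keep a later edit of the flag from silently re-enabling it. If the branch is kept for local debugging, note there that `exists()` alone says nothing about who created the file. The enclosing method starts before and continues after this hunk, so how `existingExe` is used further down is not visible here.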