Bug 176939 - Security leak: tokens get created with insecure permissions
Status: CLOSED FIXED
Alias: None
Product: z_Archived
Classification: Eclipse Foundation
Component: Geclipse
Version: unspecified
Hardware: PC All
Importance: P3 normal
Target Milestone: ---
Assignee: Mathias Stümpert CLA
Keywords: contributed, core
 
Reported: 2007-03-11 10:04 EDT by Ariel Garcia CLA
Modified: 2014-01-09 16:18 EST

Attachments
SecureFile class and token creation patches (14.15 KB, patch)
2007-03-11 10:09 EDT, Ariel Garcia CLA
aog-ecl: iplog+

Description Ariel Garcia CLA 2007-03-11 10:04:42 EDT
Currently the grid-proxy and voms-proxy files get created without setting the file permissions. Therefore, if the OS is multiuser and the user has an insecure file creation default (umask), the token files could end up readable by other users.

Sadly there is no way to manage file/folder permissions in Java <= 5 or in Eclipse itself (class org.eclipse.core.resources.ResourceAttributes doesn't manage user/other permissions either), and requiring Java 6 is right now not an option. Asking the user to set the "umask" before launching gEclipse would also be silly if we can take care of it. Therefore it looks to me that the only way around is using platform-specific code for taking care of that.
The attached patch tries to solve the issue, creating a new SecureFile class which extends java.io.File, and which can be used to set secure file permissions. The implementation misses the Windows part but "works-for-me" in Linux with grid-proxies.
This patch protects the grid and voms proxy files and also the .tokens folder, just in case...
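Added example, not the attached patch and not gEclipse code: on Java 7 or later (an assumption; the report above could not even require Java 6), java.nio.file can create the token folder and file with owner-only access without platform-specific helpers. The class, method and file names are hypothetical, and the non-POSIX branch assumes an ACL-capable file system such as NTFS.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.*;
import java.nio.file.attribute.*;
import java.util.*;

public class OwnerOnlyTokenFile {
    /** Writes token to dir/name so that only the owning user can access the folder and the file. */
    static Path writeToken(Path dir, String name, byte[] token) throws IOException {
        Path file = dir.resolve(name);
        if (FileSystems.getDefault().supportedFileAttributeViews().contains("posix")) {
            // The mode is part of the create call, so the file never exists with the
            // wider permissions a permissive umask would otherwise leave on it.
            Files.createDirectories(dir, PosixFilePermissions.asFileAttribute(
                    PosixFilePermissions.fromString("rwx------")));
            // A folder that already existed keeps its old mode, so tighten it explicitly.
            Files.setPosixFilePermissions(dir, PosixFilePermissions.fromString("rwx------"));
            // createFile fails if the file exists, so a pre-created file is never reused.
            Files.createFile(file, PosixFilePermissions.asFileAttribute(
                    PosixFilePermissions.fromString("rw-------")));
        } else {
            // No POSIX view (for example NTFS): restrict the ACL before any secret is written.
            Files.createDirectories(dir);
            ownerOnlyAcl(dir);
            Files.createFile(file);
            ownerOnlyAcl(file);
        }
        Files.write(file, token);
        return file;
    }

    /** Replaces the ACL of path with a single ALLOW entry for its owner. */
    static void ownerOnlyAcl(Path path) throws IOException {
        AclFileAttributeView view = Files.getFileAttributeView(path, AclFileAttributeView.class);
        if (view == null) {
            throw new IOException("cannot restrict access on this file system: " + path);
        }
        AclEntry ownerEntry = AclEntry.newBuilder().setType(AclEntryType.ALLOW)
                .setPrincipal(view.getOwner())
                .setPermissions(EnumSet.allOf(AclEntryPermission.class)).build();
        view.setAcl(Collections.singletonList(ownerEntry));
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample content, not a real proxy credential.
        byte[] sample = "constructed sample token".getBytes(StandardCharsets.UTF_8);
        Path dir = Files.createTempDirectory("demo").resolve(".tokens");
        System.out.println("wrote " + writeToken(dir, "sample-proxy", sample));
    }
}
```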
Comment 1 Ariel Garcia CLA 2007-03-11 10:09:02 EDT
Created attachment 60516
SecureFile class and token creation patches
Comment 2 Ariel Garcia CLA 2007-03-14 14:41:27 EDT
Patch committed now, please make sure it doesn't break in Windows.
Comment 3 Mathias Stümpert CLA 2007-03-21 04:50:26 EDT
Applied patch without any problems. Seems to cause no problems under Windows.
Comment 4 Mathias Stümpert CLA 2007-05-31 07:27:33 EDT
Closing this ticket.