Bugzilla – Bug 5298
Umask setting causes problems under MacOS
Last modified: 2009-08-26 22:26:16
Setting the umask is really difficult under MacOS.
It has also been reported that changing the umask under MacOS prevents changing
the timezone on the system.
Since many systems are single user systems, the current behavior of the Java
client of failing to run with a poor umask is probably overkill. Changing the
behavior to warning the user and then saving state that the user has been
warned would seem to strike a much better balance between security and
Newer versions of MacOSX (>=10.5.3) allow setting UMask for just user
applications. See section on launchd-user.conf in:
I verified the launchd-user.conf approach works; I had to reboot after making
the change (it's possible a logout/login could have done it too, I didn't try
An alternative here is to replace the use of the Shib session ID in the JNLP
file with an Apache session ID that is destroyed by generate-cred.pl, effectively
making it single use. This would make the contents of the jnlp non-sensitive
after the JWS application has run since the session value would be of no use. A
short window exists between the jnlp file being downloaded and the JWS
application running, but I think that's becoming an acceptable corner case.
This would have to be a change for the 0.6 release since it is not a small one.
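
The single-use session value proposed in the comment above, sketched as an added example; it is not part of the bug thread and is not the project's generate-cred.pl. The class name, the in-memory table, the 120-second lifetime (a bound on the download-to-launch window) and the sample users are assumptions made for illustration.

```python
import hashlib
import secrets
import time


class SingleUseTokenStore:
    """Hypothetical stand-in for the server-side session table."""

    def __init__(self, ttl_seconds=120, clock=time.monotonic):
        self._ttl = ttl_seconds          # assumed lifetime, not from the page
        self._clock = clock
        self._pending = {}               # sha256(token) -> (user, expiry)

    @staticmethod
    def _digest(token):
        # Only a hash is stored, so a copy of the table cannot be replayed.
        return hashlib.sha256(token.encode("utf-8")).hexdigest()

    def issue(self, user):
        """Mint the value that would be written into the JNLP file."""
        token = secrets.token_urlsafe(32)
        self._pending[self._digest(token)] = (user, self._clock() + self._ttl)
        return token

    def redeem(self, token):
        """Return the user on first use; the entry is destroyed either way."""
        entry = self._pending.pop(self._digest(token), None)
        if entry is None:
            return None                  # unknown or already used
        user, expiry = entry
        if self._clock() > expiry:
            return None                  # downloaded but launched too late
        return user


def demo():
    """Constructed scenario: normal use, replay from a saved file, expiry."""
    now = [0.0]
    store = SingleUseTokenStore(ttl_seconds=120, clock=lambda: now[0])
    token = store.issue("alice")
    first = store.redeem(token)          # the JWS application presents it
    replay = store.redeem(token)         # same value read back from disk later
    stale = store.issue("bob")
    now[0] += 121                        # launch delayed past the lifetime
    expired = store.redeem(stale)
    return first, replay, expired


if __name__ == "__main__":
    print(demo())
```

Because `redeem` pops the entry before checking anything else, a value left behind in a world-readable JNLP file is useless once the application has run, which is what makes the file permissions (and the umask) stop mattering.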
Plan on getting rid of UMask checking as part of work on Bug 5847. Ultimate fix
is still Bug 6722.
The umask checking has been removed in 0_5 branch.
In 1.0.0 release.