Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Kernel "load" results in surprising file permissions #1765

Closed
3 of 4 tasks
RomainMuller opened this issue Jun 30, 2020 · 0 comments · Fixed by #1766
Closed
3 of 4 tasks

Kernel "load" results in surprising file permissions #1765

RomainMuller opened this issue Jun 30, 2020 · 0 comments · Fixed by #1766
Assignees
@RomainMuller
Labels
bug This issue is a bug. module/kernel Issues affecting the `jsii-kernel` module p1

Comments

@RomainMuller
Copy link
Contributor

🐛 Bug Report

Affected Languages

  • TypeScript or Javascript
  • Python
  • Java
  • .NET (C#, F#, ...)

General Information

  • JSII Version: all existing versions
  • Platform: UNIX-like with a non-default umask such as 0027

What is the problem?

Libraries loaded in the jsii kernel are not installed by npm, but directly unpacked. The umask is not overridden, leading to the current process configuration to be applied. This leads to installs that differ in file permissions from their npm installed counterparts.

This has been found to cause aws/aws-cdk#8233
@RomainMuller RomainMuller added bug This issue is a bug. needs-triage This issue or PR still needs to be triaged. module/kernel Issues affecting the `jsii-kernel` module p1 and removed needs-triage This issue or PR still needs to be triaged. labels Jun 30, 2020
RomainMuller added a commit that referenced this issue Jun 30, 2020
@RomainMuller
fix(kernel): tarball unpacking does not behave like 'npm install'
aa0b201 
In it's wisdom, `npm install` does override the process' `umask` to
`0o022` before unpackging the tarball, to ensure the produced install
has the kind of permissions that one would expect, regardless of the
system-configured `umask`.

Because `@jsii/kernel` did not reproduce this behavior, loaded libraries
could be unpacked with unexpectedly tight permissions, leading to weird
issues when those files were used in contexts that required those
permissions. For example, this is the cause of aws/aws-cdk#8233.

Fixes #1765
@RomainMuller RomainMuller mentioned this issue Jun 30, 2020
Merged
@mergify mergify bot closed this as completed in #1766 Jul 1, 2020
mergify bot pushed a commit that referenced this issue Jul 1, 2020
@RomainMuller
fix(kernel): tarball unpacking does not behave like 'npm install' (#1766
2dc1b21 
)

In it's wisdom, `npm install` does override the process' `umask` to
`0o022` before unpackging the tarball, to ensure the produced install
has the kind of permissions that one would expect, regardless of the
system-configured `umask`.

Because `@jsii/kernel` did not reproduce this behavior, loaded libraries
could be unpacked with unexpectedly tight permissions, leading to weird
issues when those files were used in contexts that required those
permissions. For example, this is the cause of aws/aws-cdk#8233.

Fixes #1765



---

By submitting this pull request, I confirm that my contribution is made under the terms of the [Apache 2.0 license].

[Apache 2.0 license]: https://www.apache.org/licenses/LICENSE-2.0
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@RomainMuller RomainMuller

Labels
bug This issue is a bug. module/kernel Issues affecting the `jsii-kernel` module p1
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fix(kernel): tarball unpacking does not behave like 'npm install' aws/jsii
1 participant
@RomainMuller