ARTEMIS-5172 Reduce the permissions on temp file.

Ensure that the temproray large message content can only be read by the user associated with the process. Iusse: https://issues.apache.org/jira/browse/ARTEMIS-5172 Signed-off-by: Emmanuel Hugonnet <[email protected]>
ehsavoie · Nov 21, 2024 · 7637973 · 7637973
1 parent 6f779a7
commit 7637973
Showing 1 changed file with 14 additions and 4 deletions.
diff --git a/...client/src/main/java/org/apache/activemq/artemis/core/client/impl/ClientConsumerImpl.java b/...client/src/main/java/org/apache/activemq/artemis/core/client/impl/ClientConsumerImpl.java
@@ -17,6 +17,7 @@
 package org.apache.activemq.artemis.core.client.impl;
 
 import java.io.File;
+import java.io.IOException;
 import java.security.AccessController;
 import java.security.PrivilegedAction;
 import java.util.Objects;
@@ -623,8 +624,7 @@ private void handleCompressedMessage(final ClientMessageInternal clMessage) thro
       File largeMessageCache = null;
 
       if (session.isCacheLargeMessageClient()) {
-         largeMessageCache = File.createTempFile("tmp-large-message-" + largeMessage.getMessageID() + "-", ".tmp");
-         largeMessageCache.deleteOnExit();
+         largeMessageCache = createLargeMessageCache(largeMessage.getMessageID());
       }
 
       ClientSessionFactory sf = session.getSessionFactory();
@@ -646,6 +646,17 @@ private void handleCompressedMessage(final ClientMessageInternal clMessage) thro
       handleRegularMessage(largeMessage);
    }
 
+   private File createLargeMessageCache(long messageId) throws IOException {
+      File largeMessageCache = File.createTempFile("tmp-large-message-" + messageId + "-", ".tmp");
+      largeMessageCache.setReadable(false);
+      largeMessageCache.setExecutable(false);
+      largeMessageCache.setWritable(false);
+      largeMessageCache.setReadable(true, true);
+      largeMessageCache.setWritable(true, true);
+      largeMessageCache.deleteOnExit();
+      return largeMessageCache;
+   }
+
    @Override
    public synchronized void handleLargeMessage(final ClientLargeMessageInternal clientLargeMessage,
                                                long largeMessageSize) throws Exception {
@@ -658,8 +669,7 @@ public synchronized void handleLargeMessage(final ClientLargeMessageInternal cli
       File largeMessageCache = null;
 
       if (session.isCacheLargeMessageClient()) {
-         largeMessageCache = File.createTempFile("tmp-large-message-" + clientLargeMessage.getMessageID() + "-", ".tmp");
-         largeMessageCache.deleteOnExit();
+         largeMessageCache = createLargeMessageCache(clientLargeMessage.getMessageID());
       }
 
       ClientSessionFactory sf = session.getSessionFactory();