jython/jython-cacheperms.patch

From 517883617472d53c3346ad419f0af42a7dd83705 Mon Sep 17 00:00:00 2001
From: Lubomir Rintel <lubo.rintel@gooddata.com>
Date: Wed, 3 Apr 2013 18:24:46 +0200
Subject: [PATCH 1/3] Make cache not accessible by anyone else

Sensitive information might be being cached or umask can be too relaxed,
allowing writes.
---
 src/org/python/core/CachedJarsPackageManager.java | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/src/org/python/core/CachedJarsPackageManager.java b/src/org/python/core/CachedJarsPackageManager.java
index 6953136..764f2f3 100644
--- a/src/org/python/core/CachedJarsPackageManager.java
+++ b/src/org/python/core/CachedJarsPackageManager.java
@@ -587,6 +587,12 @@ public abstract class CachedJarsPackageManager extends PackageManager {
             return false;
         }
 
+        aCachedir1.setReadable(false, false);
+        aCachedir1.setWritable(false, false);
+        aCachedir1.setExecutable(false, false);
+        aCachedir1.setReadable(true, true);
+        aCachedir1.setWritable(true, true);
+        aCachedir1.setExecutable(true, true);
         this.cachedir = aCachedir1;
 
         return true;
-- 
1.8.3.1