Re: Patch: File.deleteOnExit()

[Mark Wielaard]

Hi,

On Mon, 2004-05-17 at 16:09, Michael Koch wrote:
> Here another revision.
>
> 2004-05-17  Guilhem Lavaux  <address@hidden>
> 
>       * gnu/java/io/DeleteFileHelper.java: New file.
>       * java/io/File.java
>       (deleteOnExit): Implemented.

A couple of issues here.

1) You have a security hole since DeleteFileHelper.add(File) is publicly
accessible. So any code can call it and then when the shutdown hook is
run it will happily remove the file even if the caller didn't have
permission to do so. So either move the security check into that method
or move the class into java.io and make it package private.

2) It is not thread-safe. Multiple threads can call add at the same
time. Fix could be Collections.synchronizedCollection(filesToDelete) or
making add(File) synchronized. But see point 3.

3) What about shutdown hooks that create files that need to be deleted
on exit? This might not be a very big issue (there is no guarantee that
the files are deleted anyway) but you should at least guard against an
ConcurrentModificationException (by synchronizing on the filesToDelete
or on the class object (depending on the fix for 2). Another option
would be to make this a "special" shutdown hook (as libgcj does) and run
it after all shutdown hooks have been run.

Cheers,

Mark

signature.asc
Description: This is a digitally signed message part