Skip to content
This repository was archived by the owner on Jan 23, 2023. It is now read-only.

[release/3.1] Add file creation method that takes an ACL #42228

Merged
danmoseley merged 1 commit into from
Oct 30, 2019
Merged

[release/3.1] Add file creation method that takes an ACL #42228

danmoseley merged 1 commit into from
Oct 30, 2019

Conversation

@carlossanlop
Copy link

@carlossanlop carlossanlop commented Oct 30, 2019
edited
Loading

Approved API Proposal: #41614
Original PR merged in 5.0: #42099
Related change for directory creation method that takes an ACL: #41834 [merged and ported to 3.1 Prev2]

Description

We have extension methods in System.IO.FileSystem.AclExtensions that let the user get and set ACLs for existing files, but we do not have methods that create files with predefined ACLs.
.NET ACL (Access Control List) support is Windows specific. This change will reside inside the System.IO.FileSystem.AccessControl assembly.

Customer impact

Before this change, customers had to create a file or filestream, then set its ACLs. This presents a few problems:

  • Potential security hole as files can be accessed between creation and modification.
  • Porting difficulties as there isn't a 1-1 API replacement
  • Stability issues with background processes (file filters) can prevent modifying ACLs right after creation (typically surfaces as a security exception).

This change addresses those problems by adding a new extension method that allows creating a file and ensuring the provided ACLs are set during creation.

Regression

This change will not cause a regression.

Risk

Medium-Low:

  • Customers will only be able to test this change directly in 3.1 GA.
  • ACL changes are risky because if they are set incorrectly by our APIs, we cannot fix them via servicing, since the ACLs will already have been written to filesystems everywhere.
  • This change did almost no changes to existing codepaths, so the risk is contained inside the new code only.

Testing

Added unit tests that verify the ACLs were correctly set and the expected exceptions are thrown.

@carlossanlop carlossanlop added this to the 3.1 milestone Oct 30, 2019
@carlossanlop carlossanlop self-assigned this Oct 30, 2019
@carlossanlop carlossanlop added the Servicing-consider Issue for next servicing release review label Oct 30, 2019
@danmoseley danmoseley added Servicing-approved Approved for servicing release and removed Servicing-consider Issue for next servicing release review labels Oct 30, 2019
@danmoseley
Copy link
Member

danmoseley commented Oct 30, 2019
edited
Loading

Please get a review before merging 😃 (to confirm accurate port)

@carlossanlop
Copy link
Author

carlossanlop commented Oct 30, 2019

Thanks for the sign-off, @JeremyKuhne
@danmosemsft The CI is hitting some unrelated networking failures. There is an issue open to track it: https://github.com/dotnet/corefx/issues/42231

@danmoseley
Copy link
Member

danmoseley commented Oct 30, 2019

You can ignore unrelated CI issues

@danmoseley
Copy link
Member

danmoseley commented Oct 30, 2019

Ignoring https://github.com/dotnet/corefx/issues/42231

@danmoseley danmoseley merged commit 0f547d7 into dotnet:release/3.1 Oct 30, 2019
@carlossanlop carlossanlop deleted the FileCreate31 branch October 31, 2019 00:40
@danmoseley danmoseley mentioned this pull request Nov 7, 2019
Merged
@jkotas jkotas mentioned this pull request Nov 8, 2019
Merged
Dotnet-GitSync-Bot pushed a commit to Dotnet-GitSync-Bot/coreclr that referenced this pull request Nov 15, 2019
@carlossanlop @dotnet-bot
Add file creation method that takes an ACL (#42099) (dotnet/corefx#42228
121f711 
)

Signed-off-by: dotnet-bot <dotnet-bot@microsoft.com>
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

@danmoseley danmoseley Awaiting requested review from danmoseley

1 more reviewer

@JeremyKuhne JeremyKuhne JeremyKuhne approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

@carlossanlop carlossanlop

Labels

area-System.IO Servicing-approved Approved for servicing release

Projects

None yet

Milestone

3.1

Development

Successfully merging this pull request may close these issues.

3 participants

@carlossanlop @danmoseley @JeremyKuhne