Sun Java System Access Manager 7.1 Release Notes

Password file exposed in a temporary directory after Patch 1 re-deployment (CR 6640377)

After Access Manager Patch 1 applied to Access Manager 7.1 and re-deployed, several/tmp directories are created. In one of them, the permissions are incorrectly set so that the sun_ad_dirmgrpasswd is readable. These directories are automatically deleted when the deployment is completed, but they are exposed for a matter of time before hand. This is a potential security risk.


Before re-deploying the patch, set umask 077. The files will then be created with the correct permissions.