Update PR messaging to describe umask correctly
JLLeitschuh committed Jan 24, 2023
1 parent c2a29c0 commit 3b47a72
Showing 2 changed files with 2 additions and 2 deletions.
Expand Up @@ -42,7 42,7 @@ tmpDir.mkdirs(); // This method returns 'false' because it was unable to create

## Temporary Directory Information Disclosure

This vulnerability exists because, although the return values of `file.mkdir()` or `file.mkdirs()` are correctly checked, the permissions of the directory that is created follows the default system `uname` settings. Thus, the directory is created with everyone-readable permissions. As such, any files/directories written into this directory are viewable by all other local users on the system.
This vulnerability exists because, although the return values of `file.mkdir()` or `file.mkdirs()` are correctly checked, the permissions of the directory that is created follows the default system umask configuration. Thus, the directory is created with everyone-readable permissions. As such, any files/directories written into this directory are viewable by all other local users on the system.

```java
File tmpDir = File.createTempFile("temp", ".dir");
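Review bot: In the replacement sentence, "Thus, the directory is created with everyone-readable permissions" is stated unconditionally, although the clause before it says the permissions follow the umask, so the outcome depends on what the umask actually is. Suggest qualifying it, for example "With a typical umask, the directory is therefore created with everyone-readable permissions", which also matches the "With the default umask configuration" framing used in the other file in this commit. While this line is being touched, "the permissions of the directory that is created follows" should read "follow".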
Expand Up @@ -11,7 11,7 @@ Even if you deem, as the maintainer of this project, this is not necessarily fix
The system temporary directory is shared between all users on most unix-like systems (not MacOS, or Windows). Thus, code interacting with the system temporary directory must be careful about file interactions in this directory, and must ensure that the correct file posix permissions are set.

This PR was generated because a call to `File.createTempFile(..)` was detected in this repository in a way that makes this project vulnerable to local information disclosure.
With the default uname configuration, `File.createTempFile(..)` creates a file with the permissions `-rw-r--r--`. This means that any other user on the system can read the contents of this file.
With the default umask configuration, `File.createTempFile(..)` creates a file with the permissions `-rw-r--r--`. This means that any other user on the system can read the contents of this file.

### Impact

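Review bot: The changed line says "the default umask configuration" while the other file in this commit says "the default system umask configuration"; the two templates should use one wording. It would also help to name the umask value that yields the quoted `-rw-r--r--` mode (022), so a reader can compare it against the output of `umask` on their own system instead of guessing what "default" means.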