authorOmair Majid <omajid@redhat.com>2010-11-24 15:47:50 -0500
committerOmair Majid <omajid@redhat.com>2010-11-24 15:47:50 -0500
commit96560e4426643be5805fe106764da8f3d1f09613 (patch)
treeb391c5912ef4254af4977c3a45eead7c0b376b4c /netx/net/sourceforge/jnlp/util/FileUtils.java
parent8a4ac3f07e3a60a8cf34fbe12b1b05219e865bf0 (diff)
create files with reduced permissions when possible
2010-11-24 Omair Majid <omajid@redhat.com> * netx/net/sourceforge/jnlp/util/FileUtils.java (createRestrictedDirectory): New method. Creates a directory with reduced permissions. (createRestrictedFile(File,boolean)): New method. Creates a file with reduced permissions. (createRestrictedFile(File,boolean,boolean): New method. Creates a file or a directory with reduced permissions. * netx/net/sourceforge/jnlp/Launcher.java (markNetxRunning): Do not grant unnecessary file permissions. * netx/net/sourceforge/jnlp/runtime/Boot.java: Remove umask from help message. * netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java (activateNative): Create file with proper permissions. (getNativeDir): Create directory with proper permissions. * netx/net/sourceforge/jnlp/runtime/JNLPRuntime.java (initializeStreams): Create files with proper permissions. * netx/net/sourceforge/jnlp/security/CertWarningPane.java (CheckBoxListener.actionPerformed): Likewise. * netx/net/sourceforge/jnlp/security/KeyStores.java (createKeyStoreFromFile): Likewise. * netx/net/sourceforge/jnlp/security/viewer/CertificatePane.java (ImportButtonListener.actionPerformed): Likewise. (RemoveButtonListener.actionPerformed): Likewise. * netx/net/sourceforge/jnlp/services/SingleInstanceLock.java (createWithPort): Likewise. (getLockFile): Likewise. * netx/net/sourceforge/jnlp/services/XExtendedService.java (openFile): Likewise. * netx/net/sourceforge/jnlp/services/XPersistenceService.java (create): Likewise. * netx/net/sourceforge/jnlp/util/XDesktopEntry.java (installDesktopLauncher): Likewise. * netx/net/sourceforge/jnlp/resources/Messages.properties: Add CantCreateFile, RCantCreateDir and RCantRename. Remove BNoBase and BOUmask.
Diffstat (limited to 'netx/net/sourceforge/jnlp/util/FileUtils.java')
-rw-r--r--netx/net/sourceforge/jnlp/util/FileUtils.java75
1 files changed, 75 insertions, 0 deletions
diff --git a/netx/net/sourceforge/jnlp/util/FileUtils.java b/netx/net/sourceforge/jnlp/util/FileUtils.java
index aa1c316..b006424 100644
--- a/netx/net/sourceforge/jnlp/util/FileUtils.java
+++ b/netx/net/sourceforge/jnlp/util/FileUtils.java
@@ -16,6 +16,8 @@
package net.sourceforge.jnlp.util;
+import static net.sourceforge.jnlp.runtime.Translator.R;
+
import java.io.File;
import java.io.IOException;
@@ -72,6 +74,79 @@ public final class FileUtils {
}
/**
+ * Creates a new directory with minimum permissions. The directory is not
+ * readable or writable by anyone other than the owner. The parent
+ * directories are not created; they must exist before this is called.
+ *
+ * @throws IOException
+ */
+ public static void createRestrictedDirectory(File directory) throws IOException {
+ createRestrictedFile(directory, true, true);
+ }
+
+ /**
+ * Creates a new file with minimum permissions. The file is not readable or
+ * writable by anyone other than the owner. If writeableByOnwer is false,
+ * even the owner can not write to it.
+ *
+ * @throws IOException
+ */
+ public static void createRestrictedFile(File file, boolean writableByOwner) throws IOException {
+ createRestrictedFile(file, false, writableByOwner);
+ }
+
+ /**
+ * Creates a new file or directory with minimum permissions. The file is not
+ * readable or writable by anyone other than the owner. If writeableByOnwer
+ * is false, even the owner can not write to it. If isDir is true, then the
+ * directory can be executed by the owner
+ *
+ * @throws IOException
+ */
+ private static void createRestrictedFile(File file, boolean isDir, boolean writableByOwner) throws IOException {
+
+ File tempFile = null;
+
+ tempFile = new File(file.getCanonicalPath() + ".temp");
+
+ if (isDir) {
+ if (!tempFile.mkdir()) {
+ throw new IOException(R("RCantCreateDir", tempFile));
+ }
+ } else {
+ if (!tempFile.createNewFile()) {
+ throw new IOException(R("RCantCreateFile", tempFile));
+ }
+ }
+
+ // remove all permissions
+ tempFile.setExecutable(false, false);
+ tempFile.setReadable(false, false);
+ tempFile.setWritable(false, false);
+
+ // allow owner to read
+ tempFile.setReadable(true, true);
+
+ // allow owner to write
+ if (writableByOwner) {
+ tempFile.setWritable(true, true);
+ }
+
+ // allow owner to enter directories
+ if (isDir) {
+ tempFile.setExecutable(true, true);
+ }
+
+ // rename this file. Unless the file is moved/renamed, any program that
+ // opened the file right after it was created might still be able to
+ // read the data.
+ if (!tempFile.renameTo(file)) {
+ throw new IOException(R("RCantRename", tempFile, file));
+ }
+
+ }
+
+ /**
* Returns a String that is suitable for using in GUI elements for
* displaying (long) paths to users.
*
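Review bot: The `setExecutable`/`setReadable`/`setWritable` calls in `createRestrictedFile(File, boolean, boolean)` discard their boolean results, so if one of them fails the temp file is still renamed into place, possibly with broader permissions than the Javadoc promises ("not readable or writable by anyone other than the owner"). The commit message lists keystore and lock-file callers, so consider collecting the results (`boolean ok = tempFile.setReadable(false, false) && tempFile.setWritable(false, false);` and so on) and, when `ok` is false, deleting `tempFile` and throwing; if restriction is meant to be best-effort on platforms that cannot express it, say so in the Javadoc and log the failure instead. The comment above `renameTo` also overstates the protection: on POSIX systems a process that opened the `.temp` path before the permissions were tightened keeps its descriptor across the rename, so the rename only guarantees that the final name never appears with the default permissions. Neither failure path removes the `.temp` entry, so a failed rename leaves it on disk.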