From 96560e4426643be5805fe106764da8f3d1f09613 Mon Sep 17 00:00:00 2001
From: Omair Majid <omajid@redhat.com>
Date: Wed, 24 Nov 2010 15:47:50 -0500
Subject: create files with reduced permissions when possible

2010-11-24  Omair Majid  <omajid@redhat.com>

    * netx/net/sourceforge/jnlp/util/FileUtils.java
    (createRestrictedDirectory): New method. Creates a directory with reduced
    permissions.
    (createRestrictedFile(File,boolean)): New method. Creates a file with reduced
    permissions.
    (createRestrictedFile(File,boolean,boolean): New method. Creates a file or
    a directory with reduced permissions.
    * netx/net/sourceforge/jnlp/Launcher.java
    (markNetxRunning): Do not grant unnecessary file permissions.
    * netx/net/sourceforge/jnlp/runtime/Boot.java: Remove umask from
    help message.
    * netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java
    (activateNative): Create file with proper permissions.
    (getNativeDir): Create directory with proper permissions.
    * netx/net/sourceforge/jnlp/runtime/JNLPRuntime.java
    (initializeStreams): Create files with proper permissions.
    * netx/net/sourceforge/jnlp/security/CertWarningPane.java
    (CheckBoxListener.actionPerformed): Likewise.
    * netx/net/sourceforge/jnlp/security/KeyStores.java
    (createKeyStoreFromFile): Likewise.
    * netx/net/sourceforge/jnlp/security/viewer/CertificatePane.java
    (ImportButtonListener.actionPerformed): Likewise.
    (RemoveButtonListener.actionPerformed): Likewise.
    * netx/net/sourceforge/jnlp/services/SingleInstanceLock.java
    (createWithPort): Likewise.
    (getLockFile): Likewise.
    * netx/net/sourceforge/jnlp/services/XExtendedService.java
    (openFile): Likewise.
    * netx/net/sourceforge/jnlp/services/XPersistenceService.java
    (create): Likewise.
    * netx/net/sourceforge/jnlp/util/XDesktopEntry.java
    (installDesktopLauncher): Likewise.
    * netx/net/sourceforge/jnlp/resources/Messages.properties: Add
    CantCreateFile, RCantCreateDir and RCantRename. Remove BNoBase and
    BOUmask.
---
 netx/net/sourceforge/jnlp/security/KeyStores.java | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'netx/net/sourceforge/jnlp/security/KeyStores.java')

diff --git a/netx/net/sourceforge/jnlp/security/KeyStores.java b/netx/net/sourceforge/jnlp/security/KeyStores.java
index 05bc150..de4aff3 100644
--- a/netx/net/sourceforge/jnlp/security/KeyStores.java
+++ b/netx/net/sourceforge/jnlp/security/KeyStores.java
@@ -53,6 +53,7 @@ import java.util.StringTokenizer;
 import net.sourceforge.jnlp.runtime.DeploymentConfiguration;
 import net.sourceforge.jnlp.runtime.JNLPRuntime;
 import net.sourceforge.jnlp.runtime.Translator;
+import net.sourceforge.jnlp.util.FileUtils;
 
 /**
  * The <code>KeyStores</code> class allows easily accessing the various KeyStores
@@ -339,6 +340,8 @@ public final class KeyStores {
                 if (!parent.isDirectory() && !parent.mkdirs()) {
                     throw new IOException("unable to create " + parent);
                 }
+                FileUtils.createRestrictedFile(file, true);
+
                 ks = KeyStore.getInstance(KEYSTORE_TYPE);
                 ks.load(null, password.toCharArray());
                 FileOutputStream fos = new FileOutputStream(file);
-- 
cgit v1.2.3