From 96560e4426643be5805fe106764da8f3d1f09613 Mon Sep 17 00:00:00 2001
From: Omair Majid <omajid@redhat.com>
Date: Wed, 24 Nov 2010 15:47:50 -0500
Subject: create files with reduced permissions when possible

2010-11-24  Omair Majid  <omajid@redhat.com>

    * netx/net/sourceforge/jnlp/util/FileUtils.java
    (createRestrictedDirectory): New method. Creates a directory with reduced
    permissions.
    (createRestrictedFile(File,boolean)): New method. Creates a file with reduced
    permissions.
    (createRestrictedFile(File,boolean,boolean): New method. Creates a file or
    a directory with reduced permissions.
    * netx/net/sourceforge/jnlp/Launcher.java
    (markNetxRunning): Do not grant unnecessary file permissions.
    * netx/net/sourceforge/jnlp/runtime/Boot.java: Remove umask from
    help message.
    * netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java
    (activateNative): Create file with proper permissions.
    (getNativeDir): Create directory with proper permissions.
    * netx/net/sourceforge/jnlp/runtime/JNLPRuntime.java
    (initializeStreams): Create files with proper permissions.
    * netx/net/sourceforge/jnlp/security/CertWarningPane.java
    (CheckBoxListener.actionPerformed): Likewise.
    * netx/net/sourceforge/jnlp/security/KeyStores.java
    (createKeyStoreFromFile): Likewise.
    * netx/net/sourceforge/jnlp/security/viewer/CertificatePane.java
    (ImportButtonListener.actionPerformed): Likewise.
    (RemoveButtonListener.actionPerformed): Likewise.
    * netx/net/sourceforge/jnlp/services/SingleInstanceLock.java
    (createWithPort): Likewise.
    (getLockFile): Likewise.
    * netx/net/sourceforge/jnlp/services/XExtendedService.java
    (openFile): Likewise.
    * netx/net/sourceforge/jnlp/services/XPersistenceService.java
    (create): Likewise.
    * netx/net/sourceforge/jnlp/util/XDesktopEntry.java
    (installDesktopLauncher): Likewise.
    * netx/net/sourceforge/jnlp/resources/Messages.properties: Add
    CantCreateFile, RCantCreateDir and RCantRename. Remove BNoBase and
    BOUmask.
---
 netx/net/sourceforge/jnlp/util/FileUtils.java | 75 +++++++++++++++++++++++++++
 1 file changed, 75 insertions(+)

(limited to 'netx/net/sourceforge/jnlp/util/FileUtils.java')

diff --git a/netx/net/sourceforge/jnlp/util/FileUtils.java b/netx/net/sourceforge/jnlp/util/FileUtils.java
index aa1c316..b006424 100644
--- a/netx/net/sourceforge/jnlp/util/FileUtils.java
+++ b/netx/net/sourceforge/jnlp/util/FileUtils.java
@@ -16,6 +16,8 @@
 
 package net.sourceforge.jnlp.util;
 
+import static net.sourceforge.jnlp.runtime.Translator.R;
+
 import java.io.File;
 import java.io.IOException;
 
@@ -71,6 +73,79 @@ public final class FileUtils {
         return filename;
     }
 
+    /**
+     * Creates a new directory with minimum permissions. The directory is not
+     * readable or writable by anyone other than the owner. The parent
+     * directories are not created; they must exist before this is called.
+     *
+     * @throws IOException
+     */
+    public static void createRestrictedDirectory(File directory) throws IOException {
+        createRestrictedFile(directory, true, true);
+    }
+
+    /**
+     * Creates a new file with minimum permissions. The file is not readable or
+     * writable by anyone other than the owner. If writeableByOnwer is false,
+     * even the owner can not write to it.
+     *
+     * @throws IOException
+     */
+    public static void createRestrictedFile(File file, boolean writableByOwner) throws IOException {
+        createRestrictedFile(file, false, writableByOwner);
+    }
+
+    /**
+     * Creates a new file or directory with minimum permissions. The file is not
+     * readable or writable by anyone other than the owner. If writeableByOnwer
+     * is false, even the owner can not write to it. If isDir is true, then the
+     * directory can be executed by the owner
+     *
+     * @throws IOException
+     */
+    private static void createRestrictedFile(File file, boolean isDir, boolean writableByOwner) throws IOException {
+
+        File tempFile = null;
+
+        tempFile = new File(file.getCanonicalPath() + ".temp");
+
+        if (isDir) {
+            if (!tempFile.mkdir()) {
+                throw new IOException(R("RCantCreateDir", tempFile));
+            }
+        } else {
+            if (!tempFile.createNewFile()) {
+                throw new IOException(R("RCantCreateFile", tempFile));
+            }
+        }
+
+        // remove all permissions
+        tempFile.setExecutable(false, false);
+        tempFile.setReadable(false, false);
+        tempFile.setWritable(false, false);
+
+        // allow owner to read
+        tempFile.setReadable(true, true);
+
+        // allow owner to write
+        if (writableByOwner) {
+            tempFile.setWritable(true, true);
+        }
+
+        // allow owner to enter directories
+        if (isDir) {
+            tempFile.setExecutable(true, true);
+        }
+
+        // rename this file. Unless the file is moved/renamed, any program that
+        // opened the file right after it was created might still be able to
+        // read the data.
+        if (!tempFile.renameTo(file)) {
+            throw new IOException(R("RCantRename", tempFile, file));
+        }
+
+    }
+
     /**
      * Returns a String that is suitable for using in GUI elements for
      * displaying (long) paths to users.
-- 
cgit v1.2.3