/hg/icedtea-web: create files with reduced permissions when poss...
omajid at icedtea.classpath.org
omajid at icedtea.classpath.org
Wed Nov 24 12:53:05 PST 2010
changeset dcd3d1728ff4 in /hg/icedtea-web
details: http://icedtea.classpath.org/hg/icedtea-web?cmd=changeset;node=dcd3d1728ff4
author: Omair Majid <omajid at redhat.com>
date: Wed Nov 24 15:47:50 2010 -0500
create files with reduced permissions when possible
2010-11-24 Omair Majid <omajid at redhat.com>
* netx/net/sourceforge/jnlp/util/FileUtils.java
(createRestrictedDirectory): New method. Creates a directory with
reduced permissions. (createRestrictedFile(File,boolean)):
New method. Creates a file with reduced permissions.
(createRestrictedFile(File,boolean,boolean): New method. Creates a
file or a directory with reduced permissions.
* netx/net/sourceforge/jnlp/Launcher.java (markNetxRunning): Do
not grant unnecessary file permissions.
* netx/net/sourceforge/jnlp/runtime/Boot.java: Remove umask from
help message.
* netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java
(activateNative): Create file with proper permissions.
(getNativeDir): Create directory with proper permissions.
* netx/net/sourceforge/jnlp/runtime/JNLPRuntime.java
(initializeStreams): Create files with proper permissions.
* netx/net/sourceforge/jnlp/security/CertWarningPane.java
(CheckBoxListener.actionPerformed): Likewise.
* netx/net/sourceforge/jnlp/security/KeyStores.java
(createKeyStoreFromFile): Likewise.
* netx/net/sourceforge/jnlp/security/viewer/CertificatePane.java
(ImportButtonListener.actionPerformed): Likewise.
(RemoveButtonListener.actionPerformed): Likewise.
* netx/net/sourceforge/jnlp/services/SingleInstanceLock.java
(createWithPort): Likewise. (getLockFile): Likewise.
* netx/net/sourceforge/jnlp/services/XExtendedService.java
(openFile): Likewise.
* netx/net/sourceforge/jnlp/services/XPersistenceService.java
(create): Likewise.
* netx/net/sourceforge/jnlp/util/XDesktopEntry.java
(installDesktopLauncher): Likewise.
* netx/net/sourceforge/jnlp/resources/Messages.properties: Add
CantCreateFile, RCantCreateDir and RCantRename. Remove BNoBase and
BOUmask.
diffstat:
14 files changed, 184 insertions(+), 29 deletions(-)
ChangeLog | 38 +++++
netx/net/sourceforge/jnlp/Launcher.java | 14 -
netx/net/sourceforge/jnlp/resources/Messages.properties | 5
netx/net/sourceforge/jnlp/runtime/Boot.java | 1
netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java | 14 +
netx/net/sourceforge/jnlp/runtime/JNLPRuntime.java | 11 -
netx/net/sourceforge/jnlp/security/CertWarningPane.java | 9 +
netx/net/sourceforge/jnlp/security/KeyStores.java | 3
netx/net/sourceforge/jnlp/security/viewer/CertificatePane.java | 19 ++
netx/net/sourceforge/jnlp/services/SingleInstanceLock.java | 13 +
netx/net/sourceforge/jnlp/services/XFileSaveService.java | 3
netx/net/sourceforge/jnlp/services/XPersistenceService.java | 5
netx/net/sourceforge/jnlp/util/FileUtils.java | 75 ++++++++++
netx/net/sourceforge/jnlp/util/XDesktopEntry.java | 3
diffs (459 lines):
diff -r 5267f9104d5f -r dcd3d1728ff4 ChangeLog
--- a/ChangeLog Wed Nov 24 15:22:03 2010 -0500
+++ b/ChangeLog Wed Nov 24 15:47:50 2010 -0500
@@ -1,3 +1,41 @@ 2010-11-24 Deepak Bhole <dbhole at redhat.
+2010-11-24 Omair Majid <omajid at redhat.com>
+
+ * netx/net/sourceforge/jnlp/util/FileUtils.java
+ (createRestrictedDirectory): New method. Creates a directory with reduced
+ permissions.
+ (createRestrictedFile(File,boolean)): New method. Creates a file with reduced
+ permissions.
+ (createRestrictedFile(File,boolean,boolean): New method. Creates a file or
+ a directory with reduced permissions.
+ * netx/net/sourceforge/jnlp/Launcher.java
+ (markNetxRunning): Do not grant unnecessary file permissions.
+ * netx/net/sourceforge/jnlp/runtime/Boot.java: Remove umask from
+ help message.
+ * netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java
+ (activateNative): Create file with proper permissions.
+ (getNativeDir): Create directory with proper permissions.
+ * netx/net/sourceforge/jnlp/runtime/JNLPRuntime.java
+ (initializeStreams): Create files with proper permissions.
+ * netx/net/sourceforge/jnlp/security/CertWarningPane.java
+ (CheckBoxListener.actionPerformed): Likewise.
+ * netx/net/sourceforge/jnlp/security/KeyStores.java
+ (createKeyStoreFromFile): Likewise.
+ * netx/net/sourceforge/jnlp/security/viewer/CertificatePane.java
+ (ImportButtonListener.actionPerformed): Likewise.
+ (RemoveButtonListener.actionPerformed): Likewise.
+ * netx/net/sourceforge/jnlp/services/SingleInstanceLock.java
+ (createWithPort): Likewise.
+ (getLockFile): Likewise.
+ * netx/net/sourceforge/jnlp/services/XExtendedService.java
+ (openFile): Likewise.
+ * netx/net/sourceforge/jnlp/services/XPersistenceService.java
+ (create): Likewise.
+ * netx/net/sourceforge/jnlp/util/XDesktopEntry.java
+ (installDesktopLauncher): Likewise.
+ * netx/net/sourceforge/jnlp/resources/Messages.properties: Add
+ CantCreateFile, RCantCreateDir and RCantRename. Remove BNoBase and
+ BOUmask.
+
2010-11-24 Deepak Bhole <dbhole at redhat.com>
Fix PR593: Increment of invalidated iterator in IcedTeaPluginUtils (patch
diff -r 5267f9104d5f -r dcd3d1728ff4 netx/net/sourceforge/jnlp/Launcher.java
--- a/netx/net/sourceforge/jnlp/Launcher.java Wed Nov 24 15:22:03 2010 -0500
+++ b/netx/net/sourceforge/jnlp/Launcher.java Wed Nov 24 15:47:50 2010 -0500
@@ -48,6 +48,7 @@ import net.sourceforge.jnlp.runtime.JNLP
import net.sourceforge.jnlp.runtime.JNLPRuntime;
import net.sourceforge.jnlp.services.InstanceExistsException;
import net.sourceforge.jnlp.services.ServiceUtil;
+import net.sourceforge.jnlp.util.FileUtils;
import net.sourceforge.jnlp.util.Reflect;
import javax.swing.SwingUtilities;
@@ -727,22 +728,15 @@ public class Launcher {
File netxRunningFile = new File(JNLPRuntime.getConfiguration()
.getProperty(DeploymentConfiguration.KEY_USER_NETX_RUNNING_FILE));
- netxRunningFile.getParentFile().mkdirs();
- if (netxRunningFile.createNewFile()) {
+ if (!netxRunningFile.exists()) {
+ netxRunningFile.getParentFile().mkdirs();
+ FileUtils.createRestrictedFile(netxRunningFile, true);
FileOutputStream fos = new FileOutputStream(netxRunningFile);
try {
fos.write(message.getBytes());
} finally {
fos.close();
}
- }
-
- if (!netxRunningFile.isFile()) {
- if (JNLPRuntime.isDebug()) {
- System.err.println("Unable to create instance file");
- }
- fileLock = null;
- return;
}
FileInputStream is = new FileInputStream(netxRunningFile);
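Review bot: Replacing the `createNewFile()` test in markNetxRunning with `if (!netxRunningFile.exists())` followed by `FileUtils.createRestrictedFile(netxRunningFile, true)` makes creation non-atomic. Two launchers starting together can both see the file as missing; the slower one then either gets an IOException because the `.temp` sibling already exists, or renames its temp file over the one the other has already written. The hunk also removes the `isFile()` fallback that set `fileLock = null` and returned, so a creation failure now leaves the method as an IOException; the method starts and ends outside the hunk, so confirm the caller tolerates that. One option is to treat the IOException as benign when `netxRunningFile.isFile()` is true afterwards. XPersistenceService.create has the same shape, with `if (file.exists())` replacing the `createNewFile()` result as the "already exists" test.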
diff -r 5267f9104d5f -r dcd3d1728ff4 netx/net/sourceforge/jnlp/resources/Messages.properties
--- a/netx/net/sourceforge/jnlp/resources/Messages.properties Wed Nov 24 15:22:03 2010 -0500
+++ b/netx/net/sourceforge/jnlp/resources/Messages.properties Wed Nov 24 15:47:50 2010 -0500
@@ -124,11 +124,13 @@ BBadProp=Incorrect property format {0} (
BBadProp=Incorrect property format {0} (should be key=value)
BBadParam=Incorrect parameter format {0} (should be name=value)
BNoDir=Directory {0} does not exist.
-BNoBase=No base directory (contains cache and other data)
RNoResource=Missing Resource: {0}
RShutdown=This exception to prevent shutdown of JVM, but the process has been terminated.
RExitTaken=Exit class already set and caller is not exit class.
RCantReplaceSM=Changing the SecurityManager is not allowed.
+RCantCreateFile=Cant create file {0}
+RCantCreateDir=Cant create directory {0}
+RCantRename=Cant rename {0} to {0}
RDenyStopped=Stopped applications have no permissions.
RExitNoApp=Can not exit the JVM because the current application cannot be determined.
RNoLockDir=Unable to create locks directory ({0})
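Review bot: `RCantRename=Cant rename {0} to {0}` uses the first argument twice, so the destination that FileUtils passes in `R("RCantRename", tempFile, file)` never appears in the message. The second placeholder should be `{1}`: `RCantRename=Cant rename {0} to {1}`. The ChangeLog entry names the first new key CantCreateFile, while the key added here is `RCantCreateFile`.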
@@ -152,7 +154,6 @@ BOHeadless = Disables download window,
BOHeadless = Disables download window, other UIs.
BOStrict = Enables strict checking of JNLP file format.
BOViewer = Shows the trusted certificate viewer.
-BOUmask = Sets the umask for files created by an application.
BXnofork = Do not create another JVM.
BXclearcache= Clean the JNLP application cache.
BOHelp = Print this message and exit.
diff -r 5267f9104d5f -r dcd3d1728ff4 netx/net/sourceforge/jnlp/runtime/Boot.java
--- a/netx/net/sourceforge/jnlp/runtime/Boot.java Wed Nov 24 15:22:03 2010 -0500
+++ b/netx/net/sourceforge/jnlp/runtime/Boot.java Wed Nov 24 15:47:50 2010 -0500
@@ -105,7 +105,6 @@ public final class Boot implements Privi
+ " -noupdate "+R("BONoupdate")+"\n"
+ " -headless "+R("BOHeadless")+"\n"
+ " -strict "+R("BOStrict")+"\n"
- + " -umask=value "+R("BOUmask")+"\n"
+ " -Xnofork "+R("BXnofork")+"\n"
+ " -Xclearcache "+R("BXclearcache")+"\n"
+ " -help "+R("BOHelp")+"\n";
diff -r 5267f9104d5f -r dcd3d1728ff4 netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java
--- a/netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java Wed Nov 24 15:22:03 2010 -0500
+++ b/netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java Wed Nov 24 15:47:50 2010 -0500
@@ -815,7 +815,9 @@ public class JNLPClassLoader extends URL
nativeDir = getNativeDir();
File outFile = new File(nativeDir, name);
-
+ if (!outFile.isFile()) {
+ FileUtils.createRestrictedFile(outFile, true);
+ }
CacheUtil.streamCopy(jarFile.getInputStream(e),
new FileOutputStream(outFile));
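Review bot: The `if (!outFile.isFile())` guard restricts permissions only for a file created at this moment; a file already at that path keeps its current mode and is then overwritten in place by `new FileOutputStream(outFile)`. The same guard is used for the user keystore in CertWarningPane and twice in CertificatePane, where a keystore written before this change stays as readable as it was. If existing files should be tightened as well, the permission calls have to run on them too; otherwise a comment such as `// existing files keep their current permissions` makes the limit explicit. The enclosing method starts and ends outside the hunk.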
@@ -837,12 +839,18 @@ public class JNLPClassLoader extends URL
+ File.separator + "netx-native-"
+ (new Random().nextInt() & 0xFFFF));
- if (!nativeDir.mkdirs())
+ File parent = nativeDir.getParentFile();
+ if (!parent.isDirectory() && !parent.mkdirs()) {
return null;
- else {
+ }
+
+ try {
+ FileUtils.createRestrictedDirectory(nativeDir);
// add this new native directory to the search path
addNativeDirectory(nativeDir);
return nativeDir;
+ } catch (IOException e) {
+ return null;
}
}
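Review bot: The new `catch (IOException e) { return null; }` in getNativeDir discards the reason the restricted directory could not be created, so the caller sees only null. Printing it in debug mode, `if (JNLPRuntime.isDebug()) e.printStackTrace();` before `return null;`, keeps the failure diagnosable. The directory name still comes from `new Random().nextInt() & 0xFFFF`, so a clash with an existing `netx-native-*` entry or a leftover `.temp` one can now end in this catch. The method starts above the hunk.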
diff -r 5267f9104d5f -r dcd3d1728ff4 netx/net/sourceforge/jnlp/runtime/JNLPRuntime.java
--- a/netx/net/sourceforge/jnlp/runtime/JNLPRuntime.java Wed Nov 24 15:22:03 2010 -0500
+++ b/netx/net/sourceforge/jnlp/runtime/JNLPRuntime.java Wed Nov 24 15:47:50 2010 -0500
@@ -268,12 +268,15 @@ public class JNLPRuntime {
.getProperty(DeploymentConfiguration.KEY_ENABLE_LOGGING));
if (redirectStreams || enableLogging) {
String logDir = config.getProperty(DeploymentConfiguration.KEY_USER_LOG_DIR);
- File errFile = new File(logDir, JNLPRuntime.STDERR_FILE);
- errFile.getParentFile().mkdirs();
- File outFile = new File(logDir, JNLPRuntime.STDOUT_FILE);
- outFile.getParentFile().mkdirs();
try {
+ File errFile = new File(logDir, JNLPRuntime.STDERR_FILE);
+ errFile.getParentFile().mkdirs();
+ FileUtils.createRestrictedFile(errFile, true);
+ File outFile = new File(logDir, JNLPRuntime.STDOUT_FILE);
+ outFile.getParentFile().mkdirs();
+ FileUtils.createRestrictedFile(outFile, true);
+
if (redirectStreams) {
System.setErr(new PrintStream(new FileOutputStream(errFile)));
System.setOut(new PrintStream(new FileOutputStream(outFile)));
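Review bot: `FileUtils.createRestrictedFile(errFile, true)` and the matching `outFile` call run on every start without the `isFile()` guard used at the other call sites in this commit, so from the second run on the helper renames its temp file onto an existing log. `File.renameTo` is documented as platform-dependent and may fail when the destination exists; the resulting IOException leaves the `try` before `System.setErr`/`System.setOut` are reached, and the catch is outside the hunk. Guarding each call, `if (!errFile.isFile()) FileUtils.createRestrictedFile(errFile, true);` and the same for `outFile`, matches JNLPClassLoader.activateNative. The log directory itself is still created by `mkdirs()` with default permissions.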
diff -r 5267f9104d5f -r dcd3d1728ff4 netx/net/sourceforge/jnlp/security/CertWarningPane.java
--- a/netx/net/sourceforge/jnlp/security/CertWarningPane.java Wed Nov 24 15:22:03 2010 -0500
+++ b/netx/net/sourceforge/jnlp/security/CertWarningPane.java Wed Nov 24 15:47:50 2010 -0500
@@ -47,6 +47,7 @@ import java.awt.GridLayout;
import java.awt.GridLayout;
import java.awt.event.ActionEvent;
import java.awt.event.ActionListener;
+import java.io.File;
import java.io.FileOutputStream;
import java.io.OutputStream;
import java.security.KeyStore;
@@ -68,6 +69,7 @@ import net.sourceforge.jnlp.security.Key
import net.sourceforge.jnlp.security.KeyStores.Level;
import net.sourceforge.jnlp.security.KeyStores.Type;
import net.sourceforge.jnlp.security.SecurityWarning.AccessType;
+import net.sourceforge.jnlp.util.FileUtils;
/**
* Provides the panel for using inside a SecurityWarningDialog. These dialogs are
@@ -246,7 +248,12 @@ public class CertWarningPane extends Sec
KeyStore ks = KeyStores.getKeyStore(Level.USER, Type.CERTS);
X509Certificate c = (X509Certificate) parent.getJarSigner().getPublisher();
CertificateUtils.addToKeyStore(c, ks);
- OutputStream os = new FileOutputStream(KeyStores.getKeyStoreLocation(Level.USER, Type.CERTS));
+ File keyStoreFile = new File(KeyStores.getKeyStoreLocation(Level.USER, Type.CERTS));
+ if (!keyStoreFile.isFile()) {
+ FileUtils.createRestrictedFile(keyStoreFile, true);
+ }
+
+ OutputStream os = new FileOutputStream(keyStoreFile);
ks.store(os, KeyStores.getPassword());
if (JNLPRuntime.isDebug()) {
System.out.println("certificate is now permanently trusted");
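Review bot: The stream opened with `new FileOutputStream(keyStoreFile)` is not closed in the lines visible after `ks.store(os, KeyStores.getPassword())`, so the descriptor on the keystore stays open until finalization unless code past the hunk closes it. The import path in CertificatePane has the same shape (`ks.store(os, ...)` followed directly by `repopulateTables()`), and its remove path calls `fos.close()` outside a `finally`, so an exception from `store` skips it. Wrapping the write as `try { ks.store(os, KeyStores.getPassword()); } finally { os.close(); }` covers all three places.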
diff -r 5267f9104d5f -r dcd3d1728ff4 netx/net/sourceforge/jnlp/security/KeyStores.java
--- a/netx/net/sourceforge/jnlp/security/KeyStores.java Wed Nov 24 15:22:03 2010 -0500
+++ b/netx/net/sourceforge/jnlp/security/KeyStores.java Wed Nov 24 15:47:50 2010 -0500
@@ -53,6 +53,7 @@ import net.sourceforge.jnlp.runtime.Depl
import net.sourceforge.jnlp.runtime.DeploymentConfiguration;
import net.sourceforge.jnlp.runtime.JNLPRuntime;
import net.sourceforge.jnlp.runtime.Translator;
+import net.sourceforge.jnlp.util.FileUtils;
/**
* The <code>KeyStores</code> class allows easily accessing the various KeyStores
@@ -339,6 +340,8 @@ public final class KeyStores {
if (!parent.isDirectory() && !parent.mkdirs()) {
throw new IOException("unable to create " + parent);
}
+ FileUtils.createRestrictedFile(file, true);
+
ks = KeyStore.getInstance(KEYSTORE_TYPE);
ks.load(null, password.toCharArray());
FileOutputStream fos = new FileOutputStream(file);
diff -r 5267f9104d5f -r dcd3d1728ff4 netx/net/sourceforge/jnlp/security/viewer/CertificatePane.java
--- a/netx/net/sourceforge/jnlp/security/viewer/CertificatePane.java Wed Nov 24 15:22:03 2010 -0500
+++ b/netx/net/sourceforge/jnlp/security/viewer/CertificatePane.java Wed Nov 24 15:47:50 2010 -0500
@@ -45,6 +45,7 @@ import java.awt.event.ActionEvent;
import java.awt.event.ActionEvent;
import java.awt.event.ActionListener;
import java.awt.event.KeyEvent;
+import java.io.File;
import java.io.FileOutputStream;
import java.io.OutputStream;
import java.io.PrintStream;
@@ -76,6 +77,7 @@ import net.sourceforge.jnlp.security.Sec
import net.sourceforge.jnlp.security.SecurityUtil;
import net.sourceforge.jnlp.security.SecurityWarningDialog;
import net.sourceforge.jnlp.security.KeyStores.Level;
+import net.sourceforge.jnlp.util.FileUtils;
public class CertificatePane extends JPanel {
@@ -361,8 +363,13 @@ public class CertificatePane extends JPa
try {
KeyStore ks = keyStore;
CertificateUtils.addToKeyStore(chooser.getSelectedFile(), ks);
- OutputStream os = new FileOutputStream(
- KeyStores.getKeyStoreLocation(currentKeyStoreLevel, currentKeyStoreType));
+ File keyStoreFile = new File(KeyStores
+ .getKeyStoreLocation(currentKeyStoreLevel, currentKeyStoreType));
+ if (!keyStoreFile.isFile()) {
+ FileUtils.createRestrictedFile(keyStoreFile, true);
+ }
+
+ OutputStream os = new FileOutputStream(keyStoreFile);
ks.store(os, KeyStores.getPassword());
repopulateTables();
} catch (Exception ex) {
@@ -436,8 +443,12 @@ public class CertificatePane extends JPa
JOptionPane.YES_NO_OPTION);
if (i == 0) {
keyStore.deleteEntry(alias);
- FileOutputStream fos = new FileOutputStream(
- KeyStores.getKeyStoreLocation(currentKeyStoreLevel, currentKeyStoreType));
+ File keyStoreFile = new File(KeyStores
+ .getKeyStoreLocation(currentKeyStoreLevel, currentKeyStoreType));
+ if (!keyStoreFile.isFile()) {
+ FileUtils.createRestrictedFile(keyStoreFile, true);
+ }
+ FileOutputStream fos = new FileOutputStream(keyStoreFile);
keyStore.store(fos, KeyStores.getPassword());
fos.close();
}
diff -r 5267f9104d5f -r dcd3d1728ff4 netx/net/sourceforge/jnlp/services/SingleInstanceLock.java
--- a/netx/net/sourceforge/jnlp/services/SingleInstanceLock.java Wed Nov 24 15:22:03 2010 -0500
+++ b/netx/net/sourceforge/jnlp/services/SingleInstanceLock.java Wed Nov 24 15:47:50 2010 -0500
@@ -67,6 +67,7 @@ class SingleInstanceLock {
*/
public void createWithPort(int localPort) throws IOException {
+ FileUtils.createRestrictedFile(lockFile, true);
BufferedWriter lockFileWriter = new BufferedWriter(new FileWriter(lockFile, false));
lockFileWriter.write(String.valueOf(localPort));
lockFileWriter.newLine();
@@ -132,9 +133,17 @@ class SingleInstanceLock {
File baseDir = new File(JNLPRuntime.getConfiguration()
.getProperty(DeploymentConfiguration.KEY_USER_LOCKS_DIR));
- if (!baseDir.isDirectory() && !baseDir.mkdirs()) {
- throw new RuntimeException(R("RNoLockDir", baseDir));
+ if (!baseDir.isDirectory()) {
+ if (!baseDir.getParentFile().isDirectory() && !baseDir.getParentFile().mkdirs()) {
+ throw new RuntimeException(R("RNoLockDir", baseDir));
+ }
+ try {
+ FileUtils.createRestrictedDirectory(baseDir);
+ } catch (IOException e) {
+ throw new RuntimeException(R("RNoLockDir", baseDir));
+ }
}
+
String lockFileName = getLockFileName();
File applicationLockFile = new File(baseDir, lockFileName);
return applicationLockFile;
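Review bot: The `throw new RuntimeException(R("RNoLockDir", baseDir));` in the new catch drops the IOException that says whether creating the `.temp` directory or the rename failed; passing it on, `throw new RuntimeException(R("RNoLockDir", baseDir), e);`, keeps that detail. Because this is the single-instance lock, two instances can both see `isDirectory()` return false and reach `createRestrictedDirectory(baseDir)` together, and the loser gets this exception although the directory now exists. Re-checking `baseDir.isDirectory()` in the catch before throwing would avoid that false failure. The method starts above the hunk.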
diff -r 5267f9104d5f -r dcd3d1728ff4 netx/net/sourceforge/jnlp/services/XFileSaveService.java
--- a/netx/net/sourceforge/jnlp/services/XFileSaveService.java Wed Nov 24 15:22:03 2010 -0500
+++ b/netx/net/sourceforge/jnlp/services/XFileSaveService.java Wed Nov 24 15:47:50 2010 -0500
@@ -44,6 +44,7 @@ import javax.jnlp.*;
import javax.jnlp.*;
import net.sourceforge.jnlp.security.SecurityWarning.AccessType;
+import net.sourceforge.jnlp.util.FileUtils;
import javax.swing.JFileChooser;
import javax.swing.JOptionPane;
@@ -121,7 +122,7 @@ class XFileSaveService implements FileSa
if (!replace)
return;
} else {
- file.createNewFile();
+ FileUtils.createRestrictedFile(file, true);
}
if (file.canWrite()) {
diff -r 5267f9104d5f -r dcd3d1728ff4 netx/net/sourceforge/jnlp/services/XPersistenceService.java
--- a/netx/net/sourceforge/jnlp/services/XPersistenceService.java Wed Nov 24 15:22:03 2010 -0500
+++ b/netx/net/sourceforge/jnlp/services/XPersistenceService.java Wed Nov 24 15:47:50 2010 -0500
@@ -26,6 +26,7 @@ import net.sourceforge.jnlp.*;
import net.sourceforge.jnlp.*;
import net.sourceforge.jnlp.cache.*;
import net.sourceforge.jnlp.runtime.*;
+import net.sourceforge.jnlp.util.FileUtils;
/**
* The BasicService JNLP service.
@@ -96,8 +97,10 @@ class XPersistenceService implements Per
File file = toCacheFile(location);
file.getParentFile().mkdirs();
- if (!file.createNewFile())
+ if (file.exists())
throw new IOException("File already exists.");
+
+ FileUtils.createRestrictedFile(file, true);
return maxsize;
}
diff -r 5267f9104d5f -r dcd3d1728ff4 netx/net/sourceforge/jnlp/util/FileUtils.java
--- a/netx/net/sourceforge/jnlp/util/FileUtils.java Wed Nov 24 15:22:03 2010 -0500
+++ b/netx/net/sourceforge/jnlp/util/FileUtils.java Wed Nov 24 15:47:50 2010 -0500
@@ -15,6 +15,8 @@
// Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
package net.sourceforge.jnlp.util;
+
+import static net.sourceforge.jnlp.runtime.Translator.R;
import java.io.File;
import java.io.IOException;
@@ -69,6 +71,79 @@ public final class FileUtils {
filename = filename.replace(INVALID_CHARS[i], SANITIZED_CHAR);
return filename;
+ }
+
+ /**
+ * Creates a new directory with minimum permissions. The directory is not
+ * readable or writable by anyone other than the owner. The parent
+ * directories are not created; they must exist before this is called.
+ *
+ * @throws IOException
+ */
+ public static void createRestrictedDirectory(File directory) throws IOException {
+ createRestrictedFile(directory, true, true);
+ }
+
+ /**
+ * Creates a new file with minimum permissions. The file is not readable or
+ * writable by anyone other than the owner. If writeableByOnwer is false,
+ * even the owner can not write to it.
+ *
+ * @throws IOException
+ */
+ public static void createRestrictedFile(File file, boolean writableByOwner) throws IOException {
+ createRestrictedFile(file, false, writableByOwner);
+ }
+
+ /**
+ * Creates a new file or directory with minimum permissions. The file is not
+ * readable or writable by anyone other than the owner. If writeableByOnwer
+ * is false, even the owner can not write to it. If isDir is true, then the
+ * directory can be executed by the owner
+ *
+ * @throws IOException
+ */
+ private static void createRestrictedFile(File file, boolean isDir, boolean writableByOwner) throws IOException {
+
+ File tempFile = null;
+
+ tempFile = new File(file.getCanonicalPath() + ".temp");
+
+ if (isDir) {
+ if (!tempFile.mkdir()) {
+ throw new IOException(R("RCantCreateDir", tempFile));
+ }
+ } else {
+ if (!tempFile.createNewFile()) {
+ throw new IOException(R("RCantCreateFile", tempFile));
+ }
+ }
+
+ // remove all permissions
+ tempFile.setExecutable(false, false);
+ tempFile.setReadable(false, false);
+ tempFile.setWritable(false, false);
+
+ // allow owner to read
+ tempFile.setReadable(true, true);
+
+ // allow owner to write
+ if (writableByOwner) {
+ tempFile.setWritable(true, true);
+ }
+
+ // allow owner to enter directories
+ if (isDir) {
+ tempFile.setExecutable(true, true);
+ }
+
+ // rename this file. Unless the file is moved/renamed, any program that
+ // opened the file right after it was created might still be able to
+ // read the data.
+ if (!tempFile.renameTo(file)) {
+ throw new IOException(R("RCantRename", tempFile, file));
+ }
+
}
/**
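Review bot: In the three-argument `createRestrictedFile` the boolean results of `setExecutable`, `setReadable` and `setWritable` are ignored, so if one of them fails the temp file is still renamed into place with its creation-time permissions while callers such as the keystore code assume it is owner-only. Since the commit title says "when possible", at least collect the results and report a failed restriction, or throw where the platform is known to support these calls. The comment before `renameTo` overstates what the rename gives: on POSIX systems a descriptor opened on the `.temp` file before the permissions were tightened stays valid after the rename, so the rename only protects against opens by the final name. When `renameTo` fails the `.temp` entry is left behind and later calls for the same path stop at `createNewFile()` or `mkdir()`; adding `tempFile.delete();` before `throw new IOException(R("RCantRename", tempFile, file));` avoids that.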
diff -r 5267f9104d5f -r dcd3d1728ff4 netx/net/sourceforge/jnlp/util/XDesktopEntry.java
--- a/netx/net/sourceforge/jnlp/util/XDesktopEntry.java Wed Nov 24 15:22:03 2010 -0500
+++ b/netx/net/sourceforge/jnlp/util/XDesktopEntry.java Wed Nov 24 15:47:50 2010 -0500
@@ -158,6 +158,9 @@ public class XDesktopEntry {
if (!shortcutFile.getParentFile().isDirectory() && !shortcutFile.getParentFile().mkdirs()) {
throw new IOException(shortcutFile.getParentFile().toString());
}
+
+ FileUtils.createRestrictedFile(shortcutFile, true);
+
/*
* Write out a Java String (UTF-16) as a UTF-8 file
*/