Windows: Fix installation directory permissions

For new installs, change owner rather than giving 'F' permission to Users group For existing installs, change owner and change 'F' permission to 'RX' for Users group Local privilege escalation vulnerability Introduced 2009-06-11, released in 0.7.5 2009-06-29 Reported by Juilo Cesar Fort of Blaze Information Security 2020-04-28
2020-05-23 11:28:15 +00:00
parent 766649bd54
commit 26e5f4c482
7 changed files with 88 additions and 35 deletions
--- a/router/java/src/net/i2p/router/Router.java
+++ b/router/java/src/net/i2p/router/Router.java
@@ -467,6 +467,8 @@ public class Router implements RouterClock.ClockShiftListener {
        _watchdogThread.setPriority(Thread.NORM_PRIORITY + 1);
        _watchdogThread.start();
        
+        if (SystemVersion.isWindows())
+            BasePerms.fix(_context);
    }
    
    /**
@@ -495,8 +497,6 @@ public class Router implements RouterClock.ClockShiftListener {
     */
    public void setKillVMOnEnd(boolean shouldDie) { _killVMOnEnd = shouldDie; }

-    /** @deprecated unused */
-    @Deprecated
    public boolean getKillVMOnEnd() { return _killVMOnEnd; }
    
    /** @return absolute path */
--- a/router/java/src/net/i2p/router/tasks/BasePerms.java
+++ b/router/java/src/net/i2p/router/tasks/BasePerms.java
@@ -0,0 +1,64 @@
+package net.i2p.router.tasks;
+
+import java.io.File;
+
+import net.i2p.router.RouterContext;
+import net.i2p.util.ShellCommand;
+import net.i2p.util.SystemVersion;
+import net.i2p.util.VersionComparator;
+
+/**
+ *
+ *  @since 0.9.46
+ */
+public class BasePerms {
+
+    private static final String FIXED_VER = "0.9.46";
+    private static final String PROP_FIXED = "router.fixedBasePerms";
+
+    /**
+     *
+     */
+    public static void fix(RouterContext ctx) {
+        if (!SystemVersion.isWindows())
+            return;
+        if (ctx.getBooleanProperty(PROP_FIXED))
+            return;
+        if (!ctx.router().getKillVMOnEnd())  // embedded
+            return;
+        File dir = ctx.getBaseDir();
+        File f = new File(dir, "history.txt");
+        if (f.exists() && !f.canWrite())     // no permissions, nothing we can do
+            return;
+
+        // broad permissions set starting in 0.7.5,
+        // but that's before we had the firstVersion property,
+        // so no use checking for earlier than that
+        String first = ctx.getProperty("router.firstVersion");
+        if (first == null || VersionComparator.comp(first, FIXED_VER) < 0) {
+            File f1 = new File(dir, "Uninstaller");  // izpack install
+            File f2 = new File(dir, "fixperms.log"); // fixperms.bat was run
+            if (f1.exists() && f2.exists()) {
+                File f3 = new File(dir, "fixperms.bat");
+                f3.delete();  // don't need it
+                try {
+                    fix(dir);
+                } catch (Exception e) {
+                }
+            }
+        }
+        ctx.router().saveConfig(PROP_FIXED, "true");
+    }
+
+    /**
+     *  Run the bat file
+     */
+    private static void fix(File f) {
+        File bat = new File(f, "scripts");
+        bat = new File(bat, "fixperms2.bat");
+        String[] args = { bat.getAbsolutePath(), f.getAbsolutePath() };
+        // don't wait, takes appx. 6 seconds on Windows 8 netbook
+        (new ShellCommand()).executeSilentAndWaitTimed(args, 0);
+    }
+}
+