[432872] [dstore] enforce secure permission bits for .dstore* logs
diff --git a/rse/plugins/org.eclipse.dstore.core/src/org/eclipse/dstore/core/model/DataStore.java b/rse/plugins/org.eclipse.dstore.core/src/org/eclipse/dstore/core/model/DataStore.java
index 4f88df4..7ddee2f 100644
--- a/rse/plugins/org.eclipse.dstore.core/src/org/eclipse/dstore/core/model/DataStore.java
+++ b/rse/plugins/org.eclipse.dstore.core/src/org/eclipse/dstore/core/model/DataStore.java
@@ -47,6 +47,7 @@
* David McKnight (IBM) - [390037] [dstore] Duplicated items in the System view
* David McKnight (IBM) - [396440] [dstore] fix issues with the spiriting mechanism and other memory improvements (phase 1)
* David McKnight (IBM) - [432875] [dstore] do not use rmt_classloader_cache*.jar
+ * David McKnight (IBM) - [432872] [dstore] enforce secure permission bits for .dstore* logs
*******************************************************************************/
package org.eclipse.dstore.core.model;
@@ -3720,7 +3721,7 @@
} catch (IOException e) {
}
}
- if (_traceFileHandle.canWrite()){
+ if (_traceFileHandle.canWrite() && setLogPermissions(_traceFileHandle)){
try
{
_traceFile = new RandomAccessFile(_traceFileHandle, "rw"); //$NON-NLS-1$
@@ -3778,7 +3779,7 @@
} catch (IOException e) {
}
}
- if (_memLoggingFileHandle.canWrite()){
+ if (_memLoggingFileHandle.canWrite() && setLogPermissions(_memLoggingFileHandle)){
try
{
_memLogFile = new RandomAccessFile(_memLoggingFileHandle, "rw"); //$NON-NLS-1$
@@ -4578,7 +4579,7 @@
{
if (_tracingOn) {
_traceFileHandle = new File(logDir, ".dstoreTrace"); //$NON-NLS-1$
- if (_traceFileHandle.canWrite()){
+ if (_traceFileHandle.canWrite() && setLogPermissions(_traceFileHandle)){
try
{
_traceFile = new RandomAccessFile(_traceFileHandle, "rw"); //$NON-NLS-1$
@@ -4610,5 +4611,27 @@
return _client;
}
+ /**
+ * Sets the log file permissions for a file based on the "log.file.mode" system property. If no
+ * such property exists, this just returns true.
+ * @param file the file to change permissions on
+ * @return true if successful or log.file.mode is turned off
+ */
+ private static boolean setLogPermissions(File file){
+ String fileMode = System.getProperty("log.file.mode"); //$NON-NLS-1$
+ if (fileMode != null && fileMode.length() > 0){
+ // just default to 600 for older levels of RSE
+ String mode = "600"; //$NON-NLS-1$
+ String chmodCmd = "chmod " + mode + ' ' + file.getAbsolutePath(); //$NON-NLS-1$
+ try {
+ Process p = Runtime.getRuntime().exec(chmodCmd);
+ return p.exitValue() == 0;
+ }
+ catch (Exception e){
+ return false;
+ }
+ }
+ return true;
+ }
}