data_path file permissions hardening (#1172)
parent
6565c6958d
commit
cea1186841
10 changed files with 39 additions and 4 deletions
|
@ -483,6 +483,7 @@ TEST (block_store, DISABLED_already_open) // File can be shared
|
|||
{
|
||||
auto path (rai::unique_path ());
|
||||
boost::filesystem::create_directories (path.parent_path ());
|
||||
boost::filesystem::permissions (path.parent_path (), boost::filesystem::owner_all);
|
||||
std::ofstream file;
|
||||
file.open (path.string ().c_str ());
|
||||
ASSERT_TRUE (file.is_open ());
|
||||
|
|
|
@ -1,11 +1,11 @@
|
|||
if (${CMAKE_SYSTEM_NAME} MATCHES "Darwin")
|
||||
set (platform_sources plat/default/priority.cpp)
|
||||
set (platform_sources plat/default/priority.cpp plat/posix/perms.cpp)
|
||||
elseif (${CMAKE_SYSTEM_NAME} MATCHES "Windows")
|
||||
set (platform_sources plat/windows/priority.cpp)
|
||||
set (platform_sources plat/windows/priority.cpp plat/windows/perms.cpp)
|
||||
elseif (${CMAKE_SYSTEM_NAME} MATCHES "Linux")
|
||||
set (platform_sources plat/linux/priority.cpp)
|
||||
set (platform_sources plat/linux/priority.cpp plat/posix/perms.cpp)
|
||||
elseif (${CMAKE_SYSTEM_NAME} MATCHES "FreeBSD")
|
||||
set (platform_sources plat/default/priority.cpp)
|
||||
set (platform_sources plat/default/priority.cpp plat/posix/perms.cpp)
|
||||
else ()
|
||||
error ("Unknown platform: ${CMAKE_SYSTEM_NAME}")
|
||||
endif ()
|
||||
|
|
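--- a/rai/lib/plat/posix/perms.cpp
+++ b/rai/lib/plat/posix/perms.cpp
@@ -0,0 +1,9 @@
+#include <rai/lib/utility.hpp>
+
+#include <sys/stat.h>
+#include <sys/types.h>
+
+void rai::set_umask ()
+{
+umask (077);
+}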
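--- a/rai/lib/plat/windows/perms.cpp
+++ b/rai/lib/plat/windows/perms.cpp
@@ -0,0 +1,14 @@
+#include <assert.h>
+#include <rai/lib/utility.hpp>
+
+#include <io.h>
+#include <sys/stat.h>
+#include <sys/types.h>
+
+void rai::set_umask ()
+{
+int oldMode;
+
+auto result (_umask_s (_S_IWRITE | _S_IREAD, &oldMode));
+assert (result == 0);
+}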
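Review bot: `_umask_s (_S_IWRITE | _S_IREAD, &oldMode)` does not give the owner-only result that `umask (077)` gives in the POSIX file: per the CRT documentation the mask names the permission bits to withhold, so masking `_S_IWRITE` makes files created through the CRT read-only, and it does nothing to limit access by other accounts, which on Windows is governed by ACLs. The `boost::filesystem::permissions (..., owner_all)` calls added elsewhere in this commit probably have the same limitation on Windows, which is worth confirming. In addition, `assert (result == 0)` is compiled out under NDEBUG, so a failure is silent in release builds and `result` is unused; check it at run time, and either pass `0` as the mask here or document that hardening on Windows needs a DACL on the data directory.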
@ -9,6 +9,7 @@ namespace rai
|
|||
{
|
||||
// Lower priority of calling work generating thread
|
||||
void work_thread_reprioritize ();
|
||||
void set_umask ();
|
||||
template <typename... T>
|
||||
class observer_set
|
||||
{
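Review bot: `set_umask` is declared without a comment, directly beneath the comment that describes `work_thread_reprioritize`, so the header does not say what mask is applied or when it must be called. Add a line above it such as `// Restrict the process umask so files created afterwards are accessible to the owner only; call once at startup, before any file is created`. It is also worth stating there that the setting is process-wide and, as far as this commit shows, is applied only from the two `main` functions, so other users of the library do not get it. The namespace continues outside the hunk.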
|
||||
|
|
|
@ -14,6 +14,7 @@ rai::mdb_env::mdb_env (bool & error_a, boost::filesystem::path const & path_a, i
|
|||
if (path_a.has_parent_path ())
|
||||
{
|
||||
boost::filesystem::create_directories (path_a.parent_path (), error);
|
||||
boost::filesystem::permissions (path_a.parent_path (), boost::filesystem::owner_all);
|
||||
if (!error)
|
||||
{
|
||||
auto status1 (mdb_env_create (&environment));
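Review bot: The added `boost::filesystem::permissions` call runs even when the preceding `create_directories (..., error)` has failed, and it uses the throwing overload, so a constructor that otherwise reports failure through `error` can now raise `boost::filesystem::filesystem_error` instead. Use the error_code overload behind the existing check, e.g. `if (!error) boost::filesystem::permissions (path_a.parent_path (), boost::filesystem::owner_all, error);`. The same unchecked throwing call is added in `backup_wallet`, the constructor in the `@ -4116` hunk, `daemon::run` and `run_wallet`, where a failure to change the mode of a directory the process does not own would surface as an exception unless a caller outside these hunks handles it. The constructor body continues outside the hunk.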
|
||||
|
|
|
@ -2443,6 +2443,7 @@ void rai::node::backup_wallet ()
|
|||
{
|
||||
auto backup_path (application_path / "backup");
|
||||
boost::filesystem::create_directories (backup_path);
|
||||
boost::filesystem::permissions (backup_path, boost::filesystem::owner_all);
|
||||
i->second->store.write_backup (transaction, backup_path / (i->first.to_string () + ".json"));
|
||||
}
|
||||
auto this_l (shared ());
|
||||
|
@ -4116,6 +4117,7 @@ alarm (*service),
|
|||
work (1, nullptr)
|
||||
{
|
||||
boost::filesystem::create_directories (path);
|
||||
boost::filesystem::permissions (path, boost::filesystem::owner_all);
|
||||
logging.max_size = std::numeric_limits<std::uintmax_t>::max ();
|
||||
logging.init (path);
|
||||
node = std::make_shared<rai::node> (init, *service, 24000, path, alarm, logging, work);
|
||||
|
|
|
@ -96,6 +96,7 @@ bool rai_daemon::daemon_config::upgrade_json (unsigned version_a, boost::propert
|
|||
void rai_daemon::daemon::run (boost::filesystem::path const & data_path)
|
||||
{
|
||||
boost::filesystem::create_directories (data_path);
|
||||
boost::filesystem::permissions (data_path, boost::filesystem::owner_all);
|
||||
rai_daemon::daemon_config config (data_path);
|
||||
auto config_path ((data_path / "config.json"));
|
||||
std::fstream config_file;
|
||||
|
|
|
@ -1,3 +1,4 @@
|
|||
#include <rai/lib/utility.hpp>
|
||||
#include <rai/node/cli.hpp>
|
||||
#include <rai/node/node.hpp>
|
||||
#include <rai/node/testing.hpp>
|
||||
|
@ -10,6 +11,8 @@
|
|||
|
||||
int main (int argc, char * const * argv)
|
||||
{
|
||||
rai::set_umask ();
|
||||
|
||||
boost::program_options::options_description description ("Command line options");
|
||||
rai::add_node_options (description);
|
||||
|
||||
|
|
|
@ -191,6 +191,7 @@ int run_wallet (QApplication & application, int argc, char * const * argv, boost
|
|||
{
|
||||
rai_qt::eventloop_processor processor;
|
||||
boost::filesystem::create_directories (data_path);
|
||||
boost::filesystem::permissions (data_path, boost::filesystem::owner_all);
|
||||
QPixmap pixmap (":/logo.png");
|
||||
QSplashScreen * splash = new QSplashScreen (pixmap);
|
||||
splash->show ();
|
||||
|
@ -285,6 +286,8 @@ int run_wallet (QApplication & application, int argc, char * const * argv, boost
|
|||
|
||||
int main (int argc, char * const * argv)
|
||||
{
|
||||
rai::set_umask ();
|
||||
|
||||
try
|
||||
{
|
||||
QApplication application (argc, const_cast<char **> (argv));
|
||||
|
|