Bug 208909 compreg.dat protection problem [OpenVMS status is decimal 114690]

lock down permissions and sanitize with comments r=dougt sr=dveditz a=asa
2005-06-10 17:32:48 +00:00 · 2005-06-10 17:32:48 +00:00 · 7c090bdf71
--- a/netwerk/cache/src/nsDiskCacheBlockFile.cpp
+++ b/netwerk/cache/src/nsDiskCacheBlockFile.cpp
@ -57,8 +57,8 @@ nsDiskCacheBlockFile::Open( nsILocalFile *  blockFile, PRUint32  blockSize)

    mBlockSize = blockSize;
    
-    // open the file
-    nsresult rv = blockFile->OpenNSPRFileDesc(PR_RDWR | PR_CREATE_FILE, 00666, &mFD);
+    // open the file - restricted to user, the data could be confidential
+    nsresult rv = blockFile->OpenNSPRFileDesc(PR_RDWR | PR_CREATE_FILE, 00600, &mFD);
    if (NS_FAILED(rv))  return rv;  // unable to open or create file
    
    // allocate bit map buffer
--- a/netwerk/cache/src/nsDiskCacheMap.cpp
+++ b/netwerk/cache/src/nsDiskCacheMap.cpp
@ -170,8 +170,8 @@ nsDiskCacheMap::Open(nsILocalFile *  cacheDirectory)
    rv = localFile->AppendNative(NS_LITERAL_CSTRING("_CACHE_MAP_"));
    if (NS_FAILED(rv))  return rv;

-    // open the file
-    rv = localFile->OpenNSPRFileDesc(PR_RDWR | PR_CREATE_FILE, 00666, &mMapFD);
+    // open the file - restricted to user, the data could be confidential
+    rv = localFile->OpenNSPRFileDesc(PR_RDWR | PR_CREATE_FILE, 00600, &mMapFD);
    if (NS_FAILED(rv))  return NS_ERROR_FILE_CORRUPTED;

    PRBool cacheFilesExist = CacheFilesExist();
@ -620,7 +620,8 @@ nsDiskCacheMap::ReadDiskCacheEntry(nsDiskCacheRecord * record, nsDiskCacheEntry
        if (NS_FAILED(rv))  return rv;

        PRFileDesc * fd = nsnull;
-        rv = file->OpenNSPRFileDesc(PR_RDONLY, 00666, &fd);
+        // open the file - restricted to user, the data could be confidential
+        rv = file->OpenNSPRFileDesc(PR_RDONLY, 00600, &fd);
        if (NS_FAILED(rv))  return rv;
        
        PRInt32 fileSize = PR_Available(fd);
@ -719,7 +720,8 @@ nsDiskCacheMap::WriteDiskCacheEntry(nsDiskCacheBinding *  binding)
        
        // open the file
        PRFileDesc * fd;
-        rv = localFile->OpenNSPRFileDesc(PR_RDWR | PR_TRUNCATE | PR_CREATE_FILE, 00666, &fd);
+        // open the file - restricted to user, the data could be confidential
+        rv = localFile->OpenNSPRFileDesc(PR_RDWR | PR_TRUNCATE | PR_CREATE_FILE, 00600, &fd);
        if (NS_FAILED(rv))  goto exit;  // unable to open or create file

        // write the file
--- a/netwerk/cache/src/nsDiskCacheStreams.cpp
+++ b/netwerk/cache/src/nsDiskCacheStreams.cpp
@ -621,8 +621,8 @@ nsDiskCacheStreamIO::OpenCacheFile(PRIntn flags, PRFileDesc ** fd)
                                                  getter_AddRefs(mLocalFile));
    if (NS_FAILED(rv))  return rv;
    
-    // create PRFileDesc for input stream
-    rv = mLocalFile->OpenNSPRFileDesc(flags, 00666, fd);
+    // create PRFileDesc for input stream - the 00600 is just for consistency
+    rv = mLocalFile->OpenNSPRFileDesc(flags, 00600, fd);
    if (NS_FAILED(rv))  return rv;  // unable to open file

    return NS_OK;
--- a/xpcom/components/nsComponentManager.cpp
+++ b/xpcom/components/nsComponentManager.cpp
@ -1445,7 +1445,8 @@ nsComponentManagerImpl::WritePersistentRegistry()
    localFile->SetNativeLeafName(leafName);

    PRFileDesc* fd = nsnull;
-    nsresult rv = localFile->OpenNSPRFileDesc(PR_WRONLY | PR_CREATE_FILE | PR_TRUNCATE, 0666, &fd);
+    // Owner and group can setup components, everyone else should be able to see but not poison them.
+    nsresult rv = localFile->OpenNSPRFileDesc(PR_WRONLY | PR_CREATE_FILE | PR_TRUNCATE, 0664, &fd);
    if (NS_FAILED(rv))
        return rv;

--- a/xpinstall/src/nsInstallPatch.cpp
+++ b/xpinstall/src/nsInstallPatch.cpp
@ -438,7 +438,8 @@ nsInstallPatch::NativePatch(nsIFile *sourceFile, nsIFile *patchFile, nsIFile **n
 		dd->bufsize = BUFSIZE;

 		// validate patch header & check for special instructions
-    patchFileLocal->OpenNSPRFileDesc(PR_RDONLY, 0666, &dd->fDiff);
+    // we're just reading, the 0400 is an annotation.
+    patchFileLocal->OpenNSPRFileDesc(PR_RDONLY, 0400, &dd->fDiff);

 		if (dd->fDiff != NULL)
 		{
@ -555,8 +556,9 @@ nsInstallPatch::NativePatch(nsIFile *sourceFile, nsIFile *patchFile, nsIFile **n
    nsCOMPtr<nsILocalFile> realFileLocal = do_CreateInstance(NS_LOCAL_FILE_CONTRACTID);;
    realFileLocal->InitWithNativePath(realfile);

-    realFileLocal->OpenNSPRFileDesc(PR_RDONLY, 0666, &dd->fSrc);
-    outFileLocal->OpenNSPRFileDesc(PR_RDWR|PR_CREATE_FILE|PR_TRUNCATE, 0666, &dd->fOut);
+    // it's ok for people in the group to modify these files later, but it wouldn't be good for just anyone.
+    realFileLocal->OpenNSPRFileDesc(PR_RDONLY, 0664, &dd->fSrc);
+    outFileLocal->OpenNSPRFileDesc(PR_RDWR|PR_CREATE_FILE|PR_TRUNCATE, 0664, &dd->fOut);

    if (dd->fSrc != NULL && dd->fOut != NULL)
    {