From 2d1f02168f5eedb5c27d75ca4b5916c2821453be Mon Sep 17 00:00:00 2001
From: Dave McKnight
Date: Wed, 16 Apr 2014 10:51:29 -0400
Subject: [PATCH] [432872] [dstore] enforce secure permission bits for .dstore* logs
---
 .../eclipse/dstore/core/model/DataStore.java | 29 +++++++++++++++++--
 1 file changed, 26 insertions(+), 3 deletions(-)
diff --git a/rse/plugins/org.eclipse.dstore.core/src/org/eclipse/dstore/core/model/DataStore.java b/rse/plugins/org.eclipse.dstore.core/src/org/eclipse/dstore/core/model/DataStore.java
index 4f88df4fc26..7ddee2f402a 100644
--- a/rse/plugins/org.eclipse.dstore.core/src/org/eclipse/dstore/core/model/DataStore.java
+++ b/rse/plugins/org.eclipse.dstore.core/src/org/eclipse/dstore/core/model/DataStore.java
@@ -47,6 +47,7 @@
 * David McKnight (IBM) - [390037] [dstore] Duplicated items in the System view
 * David McKnight (IBM) - [396440] [dstore] fix issues with the spiriting mechanism and other memory improvements (phase 1)
 * David McKnight (IBM) - [432875] [dstore] do not use rmt_classloader_cache*.jar
+ * David McKnight (IBM) - [432872] [dstore] enforce secure permission bits for .dstore* logs
 *******************************************************************************/
 package org.eclipse.dstore.core.model;
@@ -3720,7 +3721,7 @@ public final class DataStore
 } catch (IOException e) { } }
- if (_traceFileHandle.canWrite()){
+ if (_traceFileHandle.canWrite() && setLogPermissions(_traceFileHandle)){
 try { _traceFile = new RandomAccessFile(_traceFileHandle, "rw"); //$NON-NLS-1$
@@ -3778,7 +3779,7 @@ public final class DataStore
 } catch (IOException e) { } }
- if (_memLoggingFileHandle.canWrite()){
+ if (_memLoggingFileHandle.canWrite() && setLogPermissions(_memLoggingFileHandle)){
 try { _memLogFile = new RandomAccessFile(_memLoggingFileHandle, "rw"); //$NON-NLS-1$
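Review bot: A false return from `setLogPermissions(_traceFileHandle)` in the -3720 hunk skips opening the trace file without any diagnostic, so tracing can stop silently once `log.file.mode` is set; the same guard is added for `_memLoggingFileHandle` in the -3778 hunk and for `.dstoreTrace` in the -4578 hunk. Failing closed is the safer behaviour for a log that may hold sensitive data, but it should be stated at the first call site, for example `// fail closed: never write the log if its mode could not be restricted`. The mode is also applied only after the file already exists (its creation sits above the hunk, outside the visible lines), so the file presumably carries the default umask bits until the chmod completes. The enclosing methods start and end outside these hunks.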
@@ -4578,7 +4579,7 @@ public final class DataStore
 { if (_tracingOn) { _traceFileHandle = new File(logDir, ".dstoreTrace"); //$NON-NLS-1$
- if (_traceFileHandle.canWrite()){
+ if (_traceFileHandle.canWrite() && setLogPermissions(_traceFileHandle)){
 try { _traceFile = new RandomAccessFile(_traceFileHandle, "rw"); //$NON-NLS-1$
@@ -4610,5 +4611,27 @@ public final class DataStore
 return _client; }
+ /**
+ * Sets the log file permissions for a file based on the "log.file.mode" system property. If no
+ * such property exists, this just returns true.
+ * @param file the file to change permissions on
+ * @return true if successful or log.file.mode is turned off
+ */
+ private static boolean setLogPermissions(File file){
+ String fileMode = System.getProperty("log.file.mode"); //$NON-NLS-1$
+ if (fileMode != null && fileMode.length() > 0){
+ // just default to 600 for older levels of RSE
+ String mode = "600"; //$NON-NLS-1$
+ String chmodCmd = "chmod " + mode + ' ' + file.getAbsolutePath(); //$NON-NLS-1$
+ try {
+ Process p = Runtime.getRuntime().exec(chmodCmd);
+ return p.exitValue() == 0;
+ }
+ catch (Exception e){
+ return false;
+ }
+ }
+ return true;
+ }
 }
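Review bot: `p.exitValue()` is called right after `exec()` in `setLogPermissions`, and it throws IllegalThreadStateException while chmod is still running; the broad `catch (Exception e)` turns that into `false`, so whether the log gets opened depends on a race. Waiting with `p.waitFor()` yields a real exit status, and passing an argument array to `exec` keeps a log directory whose path contains spaces from being split into several chmod arguments. The Javadoc says the mode is "based on" `log.file.mode`, yet the property is only tested for being non-empty and the mode is always 600, so the comment should say the property merely switches the chmod on. When the property is unset no permission bits are changed at all, which is worth stating in the Javadoc given the commit's "enforce" wording.

```java
		// … unchanged: log.file.mode check and the "600" default …
		// argument array: a path containing spaces stays a single chmod argument
		String[] chmodCmd = { "chmod", mode, file.getAbsolutePath() }; //$NON-NLS-1$
		try {
			Process p = Runtime.getRuntime().exec(chmodCmd);
			// waitFor() blocks until chmod exits; exitValue() throws while it is still running
			return p.waitFor() == 0;
		}
		catch (InterruptedException e){
			// keep the interrupt visible to the caller and fail closed
			Thread.currentThread().interrupt();
			return false;
		}
		// … unchanged: catch (Exception e) returns false, final return true …
```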