From 26e5f4c482c53549c8c46d7b76d0ab0e067e21c4 Mon Sep 17 00:00:00 2001
From: zzz <zzz@mail.i2p>
Date: Sat, 23 May 2020 11:28:15 +0000
Subject: [PATCH] Windows: Fix installation directory permissions For new
 installs, change owner rather than giving 'F' permission to Users group For
 existing installs, change owner and change 'F' permission to 'RX' for Users
 group Local privilege escalation vulnerability Introduced 2009-06-11,
 released in 0.7.5 2009-06-29 Reported by Juilo Cesar Fort of Blaze
 Information Security 2020-04-28

---
 build.xml                                     |  1 +
 installer/install.xml                         | 17 +----
 installer/install5.xml                        | 17 +----
 installer/resources/fixperms.bat              |  2 +-
 installer/resources/fixperms2.bat             | 18 ++++++
 router/java/src/net/i2p/router/Router.java    |  4 +-
 .../src/net/i2p/router/tasks/BasePerms.java   | 64 +++++++++++++++++++
 7 files changed, 88 insertions(+), 35 deletions(-)
 create mode 100644 installer/resources/fixperms2.bat
 create mode 100644 router/java/src/net/i2p/router/tasks/BasePerms.java

diff --git a/build.xml b/build.xml
index dc37b4cb9a..4d6422d484 100644
--- a/build.xml
+++ b/build.xml
@@ -1737,6 +1737,7 @@
         <copy todir="pkg-temp/man/">
             <fileset dir="installer/resources/man/" />
         </copy>
+        <copy file="installer/resources/fixperms2.bat" todir="pkg-temp/scripts/" />
     </target>
 
     <target name="truncatehistory">
diff --git a/installer/install.xml b/installer/install.xml
index ec811fa812..e4d527c167 100644
--- a/installer/install.xml
+++ b/installer/install.xml
@@ -19,21 +19,6 @@
          -->
 
         <!-- adding this element will make the installer attempt to launch itself with administrator permissions,
-             but see http://www.nabble.com/Classpath-security-issues-on-Vista-td22456230.html
-             which says it isn't sufficient:
-
-		Just to let you know that I managed to identify and resolve the problem (in
-		case anyone else has it).  The default installation directory for Vista is
-		under "Program Files" which is a "special" directory which can only be
-		written to (create sub-directories) by administrators.  However, stupid
-		Vista downgrades an administrator to a normal user when the program is run
-		via the application shortcut menu.  As you suggested, I added a script which
-		runs ICACLS which resolved the problem, i.e.
-
-		icacls %1 /grant Users:F /T > priv.log
-
-		The command needs to be run as a Process rather than as an executable tag in
-		order to pass $INSTALL_PATH as a parameter.
          -->
         <run-privileged condition="izpack.windowsinstall.vista|izpack.windowsinstall.7"/>
     </info>
@@ -263,7 +248,7 @@
                 </args>
             </executable>
 
-            <!-- workaround for vista permission problems - see comments above -->
+            <!-- change owner to %username% so updates will work -->
             <executable targetfile="$INSTALL_PATH/fixperms.bat" type="bin" stage="postinstall" keep="true" failure="warn"
                 condition="!izpack.windowsinstall.xp+!izpack.windowsinstall.2003" >
                 <os family="windows" />
diff --git a/installer/install5.xml b/installer/install5.xml
index f1bd322b5f..570e25928a 100644
--- a/installer/install5.xml
+++ b/installer/install5.xml
@@ -18,21 +18,6 @@
         <javaversion>1.7</javaversion>
 
         <!-- adding this element will make the installer attempt to launch itself with administrator permissions,
-             but see http://www.nabble.com/Classpath-security-issues-on-Vista-td22456230.html
-             which says it isn't sufficient:
-
-		Just to let you know that I managed to identify and resolve the problem (in
-		case anyone else has it).  The default installation directory for Vista is
-		under "Program Files" which is a "special" directory which can only be
-		written to (create sub-directories) by administrators.  However, stupid
-		Vista downgrades an administrator to a normal user when the program is run
-		via the application shortcut menu.  As you suggested, I added a script which
-		runs ICACLS which resolved the problem, i.e.
-
-		icacls %1 /grant Users:F /T > priv.log
-
-		The command needs to be run as a Process rather than as an executable tag in
-		order to pass $INSTALL_PATH as a parameter.
          -->
         <run-privileged condition="izpack.windowsinstall.vista|izpack.windowsinstall.7"/>
     </info>
@@ -315,7 +300,7 @@ https://izpack.atlassian.net/wiki/spaces/IZPACK/pages/491730/GUI+Preferences
                 </args>
             </executable>
 
-            <!-- workaround for vista permission problems - see comments above -->
+            <!-- change owner to %username% so updates will work -->
             <executable targetfile="$INSTALL_PATH/fixperms.bat" type="bin" stage="postinstall" keep="true" failure="warn"
                 condition="!izpack.windowsinstall.xp+!izpack.windowsinstall.2003" >
                 <os family="windows" />
diff --git a/installer/resources/fixperms.bat b/installer/resources/fixperms.bat
index 853f0682b4..bd2c74cbfa 100644
--- a/installer/resources/fixperms.bat
+++ b/installer/resources/fixperms.bat
@@ -16,4 +16,4 @@
 :: Specifying the SID will work on ALL versions of Windows.
 :: List of well-known SIDs at http://support.microsoft.com/kb/243330/en-us
 ::
-echo Y|icacls %1 /grant  *S-1-5-32-545:F /c /t > %1%\fixperms.log
+echo Y|icacls %1 /grant %username%:F /c /t /q > %1%\fixperms.log
diff --git a/installer/resources/fixperms2.bat b/installer/resources/fixperms2.bat
new file mode 100644
index 0000000000..a62e16dca6
--- /dev/null
+++ b/installer/resources/fixperms2.bat
@@ -0,0 +1,18 @@
+:: Fix the problems caused by previous fixperms.bat
+::
+:: 'echo Y' to get past the 'are you sure' question...
+:: cacls requires it on XP, icacls doesnt appear so, but can't hurt
+:: F : full control
+:: /c : continue on error
+:: /q : quiet
+:: /t : recursive
+::
+:: Note: We should not use the group name "Users" since this group will not
+:: exist on non-English versions of Windows.
+::
+:: S-1-5-32-545 = Users (en). Benutzer (de), etc.
+::
+:: Specifying the SID will work on ALL versions of Windows.
+:: List of well-known SIDs at http://support.microsoft.com/kb/243330/en-us
+::
+echo Y|icacls %1 /grant:r %username%:F *S-1-5-32-545:RX /c /t /q > %1%\fixperms.log
diff --git a/router/java/src/net/i2p/router/Router.java b/router/java/src/net/i2p/router/Router.java
index 03e598476d..ac4f88c849 100644
--- a/router/java/src/net/i2p/router/Router.java
+++ b/router/java/src/net/i2p/router/Router.java
@@ -467,6 +467,8 @@ public class Router implements RouterClock.ClockShiftListener {
         _watchdogThread.setPriority(Thread.NORM_PRIORITY + 1);
         _watchdogThread.start();
         
+        if (SystemVersion.isWindows())
+            BasePerms.fix(_context);
     }
     
     /**
@@ -495,8 +497,6 @@ public class Router implements RouterClock.ClockShiftListener {
      */
     public void setKillVMOnEnd(boolean shouldDie) { _killVMOnEnd = shouldDie; }
 
-    /** @deprecated unused */
-    @Deprecated
     public boolean getKillVMOnEnd() { return _killVMOnEnd; }
     
     /** @return absolute path */
diff --git a/router/java/src/net/i2p/router/tasks/BasePerms.java b/router/java/src/net/i2p/router/tasks/BasePerms.java
new file mode 100644
index 0000000000..4384b3eed8
--- /dev/null
+++ b/router/java/src/net/i2p/router/tasks/BasePerms.java
@@ -0,0 +1,64 @@
+package net.i2p.router.tasks;
+
+import java.io.File;
+
+import net.i2p.router.RouterContext;
+import net.i2p.util.ShellCommand;
+import net.i2p.util.SystemVersion;
+import net.i2p.util.VersionComparator;
+
+/**
+ *
+ *  @since 0.9.46
+ */
+public class BasePerms {
+
+    private static final String FIXED_VER = "0.9.46";
+    private static final String PROP_FIXED = "router.fixedBasePerms";
+
+    /**
+     *
+     */
+    public static void fix(RouterContext ctx) {
+        if (!SystemVersion.isWindows())
+            return;
+        if (ctx.getBooleanProperty(PROP_FIXED))
+            return;
+        if (!ctx.router().getKillVMOnEnd())  // embedded
+            return;
+        File dir = ctx.getBaseDir();
+        File f = new File(dir, "history.txt");
+        if (f.exists() && !f.canWrite())     // no permissions, nothing we can do
+            return;
+
+        // broad permissions set starting in 0.7.5,
+        // but that's before we had the firstVersion property,
+        // so no use checking for earlier than that
+        String first = ctx.getProperty("router.firstVersion");
+        if (first == null || VersionComparator.comp(first, FIXED_VER) < 0) {
+            File f1 = new File(dir, "Uninstaller");  // izpack install
+            File f2 = new File(dir, "fixperms.log"); // fixperms.bat was run
+            if (f1.exists() && f2.exists()) {
+                File f3 = new File(dir, "fixperms.bat");
+                f3.delete();  // don't need it
+                try {
+                    fix(dir);
+                } catch (Exception e) {
+                }
+            }
+        }
+        ctx.router().saveConfig(PROP_FIXED, "true");
+    }
+
+    /**
+     *  Run the bat file
+     */
+    private static void fix(File f) {
+        File bat = new File(f, "scripts");
+        bat = new File(bat, "fixperms2.bat");
+        String[] args = { bat.getAbsolutePath(), f.getAbsolutePath() };
+        // don't wait, takes appx. 6 seconds on Windows 8 netbook
+        (new ShellCommand()).executeSilentAndWaitTimed(args, 0);
+    }
+}
+