Windows: Fix installation directory permissions

For new installs, change owner rather than giving 'F' permission to Users group
For existing installs, change owner and change 'F' permission to 'RX' for Users group
Local privilege escalation vulnerability
Introduced 2009-06-11, released in 0.7.5 2009-06-29
Reported by Juilo Cesar Fort of Blaze Information Security 2020-04-28

build.xml

@@ -1737,6 +1737,7 @@
         <copy todir="pkg-temp/man/">
             <fileset dir="installer/resources/man/" />
         </copy>
+        <copy file="installer/resources/fixperms2.bat" todir="pkg-temp/scripts/" />
     </target>
 
     <target name="truncatehistory">

installer/install.xml

@@ -19,21 +19,6 @@
          -->
 
         <!-- adding this element will make the installer attempt to launch itself with administrator permissions,
-             but see http://www.nabble.com/Classpath-security-issues-on-Vista-td22456230.html
-             which says it isn't sufficient:
-
-		Just to let you know that I managed to identify and resolve the problem (in
-		case anyone else has it).  The default installation directory for Vista is
-		under "Program Files" which is a "special" directory which can only be
-		written to (create sub-directories) by administrators.  However, stupid
-		Vista downgrades an administrator to a normal user when the program is run
-		via the application shortcut menu.  As you suggested, I added a script which
-		runs ICACLS which resolved the problem, i.e.
-
-		icacls %1 /grant Users:F /T > priv.log
-
-		The command needs to be run as a Process rather than as an executable tag in
-		order to pass $INSTALL_PATH as a parameter.
          -->
         <run-privileged condition="izpack.windowsinstall.vista|izpack.windowsinstall.7"/>
     </info>
@@ -263,7 +248,7 @@
                 </args>
             </executable>
 
-            <!-- workaround for vista permission problems - see comments above -->
+            <!-- change owner to %username% so updates will work -->
             <executable targetfile="$INSTALL_PATH/fixperms.bat" type="bin" stage="postinstall" keep="true" failure="warn"
                 condition="!izpack.windowsinstall.xp+!izpack.windowsinstall.2003" >
                 <os family="windows" />

installer/install5.xml

@@ -18,21 +18,6 @@
         <javaversion>1.7</javaversion>
 
         <!-- adding this element will make the installer attempt to launch itself with administrator permissions,
-             but see http://www.nabble.com/Classpath-security-issues-on-Vista-td22456230.html
-             which says it isn't sufficient:
-
-		Just to let you know that I managed to identify and resolve the problem (in
-		case anyone else has it).  The default installation directory for Vista is
-		under "Program Files" which is a "special" directory which can only be
-		written to (create sub-directories) by administrators.  However, stupid
-		Vista downgrades an administrator to a normal user when the program is run
-		via the application shortcut menu.  As you suggested, I added a script which
-		runs ICACLS which resolved the problem, i.e.
-
-		icacls %1 /grant Users:F /T > priv.log
-
-		The command needs to be run as a Process rather than as an executable tag in
-		order to pass $INSTALL_PATH as a parameter.
          -->
         <run-privileged condition="izpack.windowsinstall.vista|izpack.windowsinstall.7"/>
     </info>
@@ -315,7 +300,7 @@ https://izpack.atlassian.net/wiki/spaces/IZPACK/pages/491730/GUI+Preferences
                 </args>
             </executable>
 
-            <!-- workaround for vista permission problems - see comments above -->
+            <!-- change owner to %username% so updates will work -->
             <executable targetfile="$INSTALL_PATH/fixperms.bat" type="bin" stage="postinstall" keep="true" failure="warn"
                 condition="!izpack.windowsinstall.xp+!izpack.windowsinstall.2003" >
                 <os family="windows" />

installer/resources/fixperms.bat

@@ -16,4 +16,4 @@
 :: Specifying the SID will work on ALL versions of Windows.
 :: List of well-known SIDs at http://support.microsoft.com/kb/243330/en-us
 ::
-echo Y|icacls %1 /grant  *S-1-5-32-545:F /c /t > %1%\fixperms.log
+echo Y|icacls %1 /grant %username%:F /c /t /q > %1%\fixperms.log

installer/resources/fixperms2.bat

@@ -0,0 +1,18 @@
+:: Fix the problems caused by previous fixperms.bat
+::
+:: 'echo Y' to get past the 'are you sure' question...
+:: cacls requires it on XP, icacls doesnt appear so, but can't hurt
+:: F : full control
+:: /c : continue on error
+:: /q : quiet
+:: /t : recursive
+::
+:: Note: We should not use the group name "Users" since this group will not
+:: exist on non-English versions of Windows.
+::
+:: S-1-5-32-545 = Users (en). Benutzer (de), etc.
+::
+:: Specifying the SID will work on ALL versions of Windows.
+:: List of well-known SIDs at http://support.microsoft.com/kb/243330/en-us
+::
+echo Y|icacls %1 /grant:r %username%:F *S-1-5-32-545:RX /c /t /q > %1%\fixperms.log

router/java/src/net/i2p/router/Router.java

@@ -467,6 +467,8 @@ public class Router implements RouterClock.ClockShiftListener {
         _watchdogThread.setPriority(Thread.NORM_PRIORITY + 1);
         _watchdogThread.start();
         
+        if (SystemVersion.isWindows())
+            BasePerms.fix(_context);
     }
     
     /**
@@ -495,8 +497,6 @@ public class Router implements RouterClock.ClockShiftListener {
      */
     public void setKillVMOnEnd(boolean shouldDie) { _killVMOnEnd = shouldDie; }
 
-    /** @deprecated unused */
-    @Deprecated
     public boolean getKillVMOnEnd() { return _killVMOnEnd; }
     
     /** @return absolute path */

router/java/src/net/i2p/router/tasks/BasePerms.java

@@ -0,0 +1,64 @@
+package net.i2p.router.tasks;
+
+import java.io.File;
+
+import net.i2p.router.RouterContext;
+import net.i2p.util.ShellCommand;
+import net.i2p.util.SystemVersion;
+import net.i2p.util.VersionComparator;
+
+/**
+ *
+ *  @since 0.9.46
+ */
+public class BasePerms {
+
+    private static final String FIXED_VER = "0.9.46";
+    private static final String PROP_FIXED = "router.fixedBasePerms";
+
+    /**
+     *
+     */
+    public static void fix(RouterContext ctx) {
+        if (!SystemVersion.isWindows())
+            return;
+        if (ctx.getBooleanProperty(PROP_FIXED))
+            return;
+        if (!ctx.router().getKillVMOnEnd())  // embedded
+            return;
+        File dir = ctx.getBaseDir();
+        File f = new File(dir, "history.txt");
+        if (f.exists() && !f.canWrite())     // no permissions, nothing we can do
+            return;
+
+        // broad permissions set starting in 0.7.5,
+        // but that's before we had the firstVersion property,
+        // so no use checking for earlier than that
+        String first = ctx.getProperty("router.firstVersion");
+        if (first == null || VersionComparator.comp(first, FIXED_VER) < 0) {
+            File f1 = new File(dir, "Uninstaller");  // izpack install
+            File f2 = new File(dir, "fixperms.log"); // fixperms.bat was run
+            if (f1.exists() && f2.exists()) {
+                File f3 = new File(dir, "fixperms.bat");
+                f3.delete();  // don't need it
+                try {
+                    fix(dir);
+                } catch (Exception e) {
+                }
+            }
+        }
+        ctx.router().saveConfig(PROP_FIXED, "true");
+    }
+
+    /**
+     *  Run the bat file
+     */
+    private static void fix(File f) {
+        File bat = new File(f, "scripts");
+        bat = new File(bat, "fixperms2.bat");
+        String[] args = { bat.getAbsolutePath(), f.getAbsolutePath() };
+        // don't wait, takes appx. 6 seconds on Windows 8 netbook
+        (new ShellCommand()).executeSilentAndWaitTimed(args, 0);
+    }
+}
+