From 032cabff13965a7b6eef4aa269ff9b4d25faef6f Mon Sep 17 00:00:00 2001
From: neil_a_wilson <neil_a_wilson@localhost>
Date: Wed, 30 Aug 2006 20:30:10 +0000
Subject: [PATCH] Provide a mechanism for managing file permissions.  On UNIX-based systems where the use of exec is allowed, it will use the underlying chmod utility to set file permissions.  On other systems, if Java 6 is available then the new methods in the java.io.File class will be used.  If neither option is available, then it will not be possible to manage file permissions.

---
 opends/src/server/org/opends/server/util/StaticUtils.java |   37 +++++++++++++++++++++++++++++++++++++
 1 files changed, 37 insertions(+), 0 deletions(-)

diff --git a/opends/src/server/org/opends/server/util/StaticUtils.java b/opends/src/server/org/opends/server/util/StaticUtils.java
index 98ca5db..52f090c 100644
--- a/opends/src/server/org/opends/server/util/StaticUtils.java
+++ b/opends/src/server/org/opends/server/util/StaticUtils.java
@@ -2024,6 +2024,32 @@
 
 
   /**
+   * Indicates whether the use of the exec method will be allowed on this
+   * system.  It will be allowed by default, but that capability will be removed
+   * if the org.opends.server.DisableExec system property is set and has any
+   * value other than "false", "off", "no", or "0".
+   *
+   * @return  <CODE>true</CODE> if the use of the exec method should be allowed,
+   *          or <CODE>false</CODE> if it should not be allowed.
+   */
+  public static boolean mayUseExec()
+  {
+    assert debugEnter(CLASS_NAME, "mayUseExec");
+
+    String s = System.getProperty(PROPERTY_DISABLE_EXEC);
+    if (s == null)
+    {
+      return true;
+    }
+
+    s = toLowerCase(s);
+    return (s.equals("false") || s.equals("off") || s.equals("no") ||
+            s.equals("0"));
+  }
+
+
+
+  /**
    * Executes the specified command on the system and captures its output.  This
    * will not return until the specified process has completed.
    *
@@ -2056,6 +2082,17 @@
     assert debugEnter(CLASS_NAME, "exec", String.valueOf(command),
                       String.valueOf(args));
 
+
+    // See whether we'll allow the use of exec on this system.  If not, then
+    // throw an exception.
+    if (! mayUseExec())
+    {
+      int    msgID   = MSGID_EXEC_DISABLED;
+      String message = getMessage(msgID, String.valueOf(command));
+      throw new SecurityException(message);
+    }
+
+
     ArrayList<String> commandAndArgs = new ArrayList<String>();
     commandAndArgs.add(command);
     if ((args != null) && (args.length > 0))

--
Gitblit v1.10.0