fix RoganDawes#38

CyberCraftsmanx · Feb 5, 2020 · e7e5d3f · e7e5d3f
1 parent f161f6c
commit e7e5d3f
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 6 deletions.
diff --git a/common/filesys.go b/common/filesys.go
@@ -2,21 +2,21 @@ package common
 
 import "os"
 
-func WriteFile(path string, mustNotExist bool, append bool, data []byte) (error) {
+func WriteFile(path string, mustNotExist bool, append bool, data []byte, perm os.FileMode) (error) {
 	flag := os.O_CREATE | os.O_WRONLY
 	if mustNotExist { flag |= os.O_EXCL }
 	if append { flag |= os.O_APPEND } else { flag |= os.O_TRUNC }
-	f, err := os.OpenFile(path, flag, os.ModePerm)
+	f, err := os.OpenFile(path, flag, perm)
 	f.Stat()
 	if err != nil { return err }
 	defer f.Close()
 	_,err = f.Write(data)
 	return err
 }
 
-func ReadFile(path string, start int64, chunk []byte) (n int, err error) {
+func ReadFile(path string, start int64, chunk []byte, perm os.FileMode) (n int, err error) {
 	flag := os.O_RDONLY
-	f, err := os.OpenFile(path, flag, os.ModePerm)
+	f, err := os.OpenFile(path, flag, perm)
 	if err != nil { return 0,err }
 	defer f.Close()
 	return f.ReadAt(chunk, start)

diff --git a/service/rpc_server.go b/service/rpc_server.go
@@ -668,40 +668,46 @@ func (s *server) EventListen(eReq *pb.EventRequest, eStream pb.P4WNP1_EventListe
 
 func (s *server) FSWriteFile(ctx context.Context, req *pb.WriteFileRequest) (empty *pb.Empty, err error) {
 	filePath := "/" + req.Filename
+	perm := os.ModePerm
 	switch req.Folder {
 	case pb.AccessibleFolder_TMP:
 		filePath = "/tmp" + filePath
 	case pb.AccessibleFolder_BASH_SCRIPTS:
 		filePath = common.PATH_BASH_SCRIPTS + filePath
+		perm = 0700
 	case pb.AccessibleFolder_HID_SCRIPTS:
 		filePath = common.PATH_HID_SCRIPTS + filePath
+		perm = 0600
 	default:
 		err = errors.New("Unknown folder")
 		return
 	}
 
-	return &pb.Empty{}, common.WriteFile(filePath, req.MustNotExist, req.Append, req.Data)
+	return &pb.Empty{}, common.WriteFile(filePath, req.MustNotExist, req.Append, req.Data, perm)
 
 }
 
 func (s *server) FSReadFile(ctx context.Context, req *pb.ReadFileRequest) (resp *pb.ReadFileResponse, err error) {
 	//ToDo: check filename for path traversal attempts (don't care for security, currently - hey, we allow executing bash scripts as root - so what)
 
 	filePath := "/" + req.Filename
+	perm := os.ModePerm
 	switch req.Folder {
 	case pb.AccessibleFolder_TMP:
 		filePath = "/tmp" + filePath
 	case pb.AccessibleFolder_BASH_SCRIPTS:
 		filePath = common.PATH_BASH_SCRIPTS + filePath
+		perm = 0700
 	case pb.AccessibleFolder_HID_SCRIPTS:
 		filePath = common.PATH_HID_SCRIPTS + filePath
+		perm = 0600
 	default:
 		err = errors.New("Unknown folder")
 		return
 	}
 
 	chunk := make([]byte, req.Len)
-	n,err := common.ReadFile(filePath, req.Start, chunk)
+	n,err := common.ReadFile(filePath, req.Start, chunk, perm)
 	if err == io.EOF { err = nil } //we ignore eof error, as eof is indicated by n = 0
 	if err != nil {	return nil,err	}
 	resp = &pb.ReadFileResponse{ReadCount: int64(n), Data: chunk[:n]}