authorAndrej Mihajlov <and@mullvad.net>2018-02-13 11:19:56 +0100
committerAndrej Mihajlov <and@mullvad.net>2018-02-13 11:19:56 +0100
commit4cc0b2c8cf0003f0af91d1417e210e03eac32b2b (patch)
tree088e135a9d3a5626f470286cca7776311c8369d3
parentf9d375bcb3403bc81cec7ebbcb7fd2943b5c2ac5 (diff)
parentd33fabdc783d5a997395a4f02bf96fce1affaf98 (diff)
downloadmullvadvpn-4cc0b2c8cf0003f0af91d1417e210e03eac32b2b.tar.xz
mullvadvpn-4cc0b2c8cf0003f0af91d1417e210e03eac32b2b.zip
Merge branch 'rpc-file-win-security'
-rw-r--r--.travis.yml15
-rw-r--r--app/lib/rpc-file-security.js32
-rw-r--r--app/main.js21
-rw-r--r--package.json3
4 files changed, 52 insertions, 19 deletions
diff --git a/.travis.yml b/.travis.yml
index 8e3f2e26e2..047c274817 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -15,12 +15,15 @@ matrix:
# FIXME: Flow throws error for optional dependencies
# missing from node_modules on unsupported platforms
# see: https://github.com/facebook/flow/issues/4171
- - NSEVENTMON_INDEX_JS=node_modules/nseventmonitor/index.js;
- if [ ! -f $NSEVENTMON_INDEX_JS ]; then
- echo "Installing a stub for NSEventMonitor..";
- mkdir -p `dirname $NSEVENTMON_INDEX_JS`;
- echo "module.exports = {};" > $NSEVENTMON_INDEX_JS;
- fi
+ - OPTIONAL_DEPS=('nseventmonitor' 'windows-security');
+ for MODULE in ${OPTIONAL_DEPS[@]}; do
+ FILE="node_modules/$MODULE/index.js";
+ if [ ! -f $FILE ]; then
+ echo "Installing a stub for $MODULE..";
+ mkdir -p `dirname $FILE`;
+ echo "module.exports = {};" > $FILE;
+ fi
+ done
before_script: &node_before_script
- export DISPLAY=:99.0; sh -e /etc/init.d/xvfb start
script: &node_script
diff --git a/app/lib/rpc-file-security.js b/app/lib/rpc-file-security.js
new file mode 100644
index 0000000000..da777d9b78
--- /dev/null
+++ b/app/lib/rpc-file-security.js
@@ -0,0 +1,32 @@
+// @flow
+
+import fs from 'fs';
+
+export function canTrustRpcAddressFile(path: string): boolean {
+ const platform = process.platform;
+ switch(platform) {
+ case 'win32':
+ return isOwnedByLocalSystem(path);
+ case 'darwin':
+ case 'linux':
+ return isOwnedAndOnlyWritableByRoot(path);
+ default:
+ throw new Error(`Unknown platform: ${platform}`);
+ }
+}
+
+function isOwnedAndOnlyWritableByRoot(path: string): boolean {
+ const stat = fs.statSync(path);
+ const isOwnedByRoot = stat.uid === 0;
+ const isOnlyWritableByOwner = (stat.mode & parseInt('022', 8)) === 0;
+
+ return isOwnedByRoot && isOnlyWritableByOwner;
+}
+
+function isOwnedByLocalSystem(path: string): boolean {
+ const winsec = require('windows-security');
+ const ownerSid = winsec.getFileOwnerSid(path, null);
+ const isWellKnownSid = winsec.isWellKnownSid(ownerSid, winsec.WellKnownSid.LocalSystemSid);
+
+ return isWellKnownSid;
+}
\ No newline at end of file
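Review bot: `isOwnedByLocalSystem` accepts the file on its owner SID alone, whereas the Unix branch also requires that group and others cannot write (`stat.mode & 0o022`); a file owned by LocalSystem whose DACL grants write access to ordinary users would pass this check. If `windows-security` offers no way to inspect the DACL, record the gap above the function, e.g. `// NOTE: verifies the owner only; write permissions (DACL) are not checked`. In `isOwnedAndOnlyWritableByRoot`, `fs.statSync(path)` follows symlinks and does not confirm a regular file, so the result describes the link target and only holds if no directory on the path is writable by an unprivileged user. A doc comment on `canTrustRpcAddressFile` should state that assumption, and that the function throws on unknown platforms and on stat or require failures.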
diff --git a/app/main.js b/app/main.js
index 8cda655f47..b685a27bf9 100644
--- a/app/main.js
+++ b/app/main.js
@@ -10,6 +10,7 @@ import shellescape from 'shell-escape';
import { version } from '../package.json';
import { parseIpcCredentials } from './lib/backend';
import { resolveBin } from './lib/proc';
+import { canTrustRpcAddressFile } from './lib/rpc-file-security';
import { execFile } from 'child_process';
import uuid from 'uuid';
@@ -243,11 +244,15 @@ const appDelegate = {
return;
}
- log.debug('Reading the ipc connection info from', rpcAddressFile);
+ log.debug(`Reading the ipc connection info from "${rpcAddressFile}"`);
- const isSecureEnough = isOwnedAndOnlyWritableByRoot(rpcAddressFile);
- if (!isSecureEnough) {
- log.error('Not trusting the contents of', rpcAddressFile, 'as it was not owned and only writable by root.');
+ try {
+ if (!canTrustRpcAddressFile(rpcAddressFile)) {
+ log.error(`Not trusting the contents of "${rpcAddressFile}".`);
+ return;
+ }
+ } catch(e) {
+ log.error(`Cannot verify the credibility of RPC address file: ${e.message}`);
return;
}
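Review bot: The check `canTrustRpcAddressFile(rpcAddressFile)` and the read of the file that follows it (outside this hunk, as is the rest of the enclosing method) both resolve the path separately, so the file can change between the two if its directory is writable by a non-root user. On Linux and macOS the gap can be closed by opening the file once, checking `fs.fstatSync(fd)`, and reading from that same descriptor; whether the Windows owner lookup can work on an open handle is not visible here. The fail-closed `catch` is the right default. The new message `Not trusting the contents of "..."` drops the reason the old one gave, so consider logging which condition failed to keep the refusal diagnosable.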
@@ -434,11 +439,3 @@ const appDelegate = {
};
appDelegate.setup();
-
-function isOwnedAndOnlyWritableByRoot(path) {
- const stat = fs.statSync(path);
- const isOwnedByRoot = stat.uid === 0;
- const isOnlyWritableByOwner = (stat.mode & parseInt('022', 8)) === 0;
-
- return isOwnedByRoot && isOnlyWritableByOwner;
-}
diff --git a/package.json b/package.json
index b058edf1e7..a23201b07c 100644
--- a/package.json
+++ b/package.json
@@ -36,7 +36,8 @@
"validated": "^1.1.0"
},
"optionalDependencies": {
- "nseventmonitor": "git+https://github.com/pronebird/NSEventMonitor.git#0.0.5"
+ "nseventmonitor": "git+https://github.com/pronebird/NSEventMonitor.git#0.0.6",
+ "windows-security": "git+https://github.com/pronebird/windows-security.git#0.0.1"
},
"devDependencies": {
"babel-cli": "^6.22.2",
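Review bot: Both `optionalDependencies` entries resolve through git tags (`#0.0.6`, `#0.0.1`), which can be moved after publication. `windows-security` is a module that now backs the trust decision for the RPC address file, so it is worth pinning to a full commit hash, e.g. `"windows-security": "git+https://github.com/pronebird/windows-security.git#<full-commit-sha>"`. Because the package is optional, a failed install on Windows would presumably surface only at runtime as a throwing `require`, which the new `catch` in app/main.js turns into a refusal to read the file. That behaviour is safe, but a comment or README note would help explain why the app cannot connect.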