Evergreen

Hatch Windows installer creates properties files with limited read access

Bug #1860187 reported by Bill Erickson
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Evergreen
Fix Committed
Medium
Unassigned

Bug Description

Hatch 0.3.2

In Windows, the hatch.properties and logging.properties files installed in C:\Program Files\Hatch (x86)\ have strict read permissions allowing only the installing user and admin accounts to read the files. The installer should be modified to create properties files that are readable by all users.

If Hatch cannot read the hatch.properties file, it will fall back to storing data in the $HOME\.evergreen directory for the logged in user instead of the C:\ProgramData\Hatch\ directory (or any other directory configured in the properties file).

Kyle Huckins (khuckins)
Changed in evergreen:
assignee: nobody → Kyle Huckins (khuckins)
Revision history for this message
Kyle Huckins (khuckins) wrote :

I've pushed a branch here, making use of AccessControl to ensure the .properties files have Read+Execute permissions granted to users that aren't the installing user or Administration:
https://git.evergreen-ils.org/?p=working/Hatch.git;a=shortlog;h=refs/heads/user/khuckins/lp1860187-global-read-on-properties

tags: added: pullrequest
Changed in evergreen:
assignee: Kyle Huckins (khuckins) → nobody
Bill Erickson (berick)
Changed in evergreen:
assignee: nobody → Bill Erickson (berick)
Revision history for this message
Bill Erickson (berick) wrote :

I've posted a Windows build using Kyle's updated installer:

https://evergreen-ils.org/downloads/Hatch-Installer-0.3.3.exe

To test:

[1] Run the new installer on Windows
[2] Log in to the staff client and register a new workstation.
[3] Confirm the new workstation is stored in C:\ProgramData\Hatch\
[4] Log in to the same Windows machine with a different, non-admin user.
[5] Repeat steps 2 and 3.

Prior to this patch, User 1's data would go to C:\ProgramData\Hatch and User 2's data would go to their home directory under .evergreen.

Changed in evergreen:
assignee: Bill Erickson (berick) → nobody
Terran McCanna (tmccanna)
Changed in evergreen:
milestone: none → 3.6.1
Terran McCanna (tmccanna)
Changed in evergreen:
milestone: 3.6.1 → none
Revision history for this message
Jason Boyer (jboyer) wrote :

I've got an alternative branch available here: https://git.evergreen-ils.org/?p=working/Hatch.git;a=shortlog;h=refs/heads/user/jboyer/lp1860187_properties_perms / working/user/jboyer/lp1860187_properties_perms

Rather than explicitly setting the permissions we should allow inheritance to just do the right thing.

Revision history for this message
Jason Boyer (jboyer) wrote (last edit ):

There's an updated test version of the installer available here with the branch from comment #3:
https://evergreen-ils.org/downloads/previews/Hatch-Installer-0.3.4.exe

The test steps are the same as listed in comment #2.

Revision history for this message
Gina Monti (gmonti90) wrote :

I, Gina Monti (<email address hidden>), sign off on this fix. The installer procedure works as described in comment 2. All workstations registered are saved in the program file.

Terran McCanna (tmccanna)
tags: added: signedoff
Revision history for this message
Galen Charlton (gmc) wrote :

Pushed to master. Thanks, Jason and Gina!

Changed in evergreen:
status: New → Fix Committed
importance: Undecided → Medium
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.