Greetings Everyone!
I am working on a vulnerability assessment/compliance UNIX project covering multiple *nix platforms and have a question. One aspect of the assessment is file permissions (SUID, SGID, world-writeable, etc.). From the research I've done the standard permissions (ugo/rwx) and possibly file ACLs are available through the java.nio.file.attribute package, but the SUID, SGID, and sticky bits are too UNIX-specific and Java does not return these.
Therefore my questions are:
1) Is my research is accurate?
2) If it is accurate then is there a relatively easy way to determine the SUID/SGID permissions code-wise through Java? I really do not want to exec out to the OS to run a long file listing (ls -l) and parse the output if I can help it. If I have to do that I will, but that leads to another question - would it then be better to parse the entire file permissions mask manually and not use the java.nio.file.attribute package?
3) If it is not accurate, what package(s)/Java tricks am I missing?
Thank you for any insight you can give.
jc
I am working on a vulnerability assessment/compliance UNIX project covering multiple *nix platforms and have a question. One aspect of the assessment is file permissions (SUID, SGID, world-writeable, etc.). From the research I've done the standard permissions (ugo/rwx) and possibly file ACLs are available through the java.nio.file.attribute package, but the SUID, SGID, and sticky bits are too UNIX-specific and Java does not return these.
Therefore my questions are:
1) Is my research is accurate?
2) If it is accurate then is there a relatively easy way to determine the SUID/SGID permissions code-wise through Java? I really do not want to exec out to the OS to run a long file listing (ls -l) and parse the output if I can help it. If I have to do that I will, but that leads to another question - would it then be better to parse the entire file permissions mask manually and not use the java.nio.file.attribute package?
3) If it is not accurate, what package(s)/Java tricks am I missing?
Thank you for any insight you can give.
jc