You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
41 lines
1.4 KiB
41 lines
1.4 KiB
13 years ago
|
From bdf728edc4c0b0e0e416f9d3e542b6815a4d3c0a Mon Sep 17 00:00:00 2001
|
||
|
|
From: Daniel Pittman <daniel@puppetlabs.com>
|
||
|
|
Date: Thu, 29 Sep 2011 00:32:49 -0700
|
||
|
|
Subject: [PATCH] (#9794) k5login can overwrite arbitrary files as root
|
||
|
|
|
||
|
|
The k5login type is typically used to manage a file in the home directory of a
|
||
|
|
user; the explicit purpose of the files is to allow access to other users.
|
||
|
|
|
||
|
|
It writes to the target file directly, as root, without doing anything to
|
||
|
|
secure the file. That would allow the owner of the home directory to symlink
|
||
|
|
to anything on the system, and have it replaced with the correct content of
|
||
|
|
the file. Which is a fairly obvious escalation to root the next time Puppet
|
||
|
|
runs.
|
||
|
|
|
||
|
|
Now, instead, fix that to securely write the target file in a predictable and
|
||
|
|
secure fashion, using the `secure_open` helper.
|
||
|
|
|
||
|
|
Signed-off-by: Daniel Pittman <daniel@puppetlabs.com>
|
||
|
|
---
|
||
|
|
lib/puppet/type/k5login.rb | 4 +++-
|
||
|
|
1 files changed, 3 insertions(+), 1 deletions(-)
|
||
|
|
|
||
|
|
diff --git a/lib/puppet/type/k5login.rb b/lib/puppet/type/k5login.rb
|
||
|
|
index eac142f..2e87ca9 100644
|
||
|
|
--- a/lib/puppet/type/k5login.rb
|
||
|
|
+++ b/lib/puppet/type/k5login.rb
|
||
|
|
@@ -79,7 +79,9 @@ Puppet::Type.newtype(:k5login) do
|
||
|
|
|
||
|
|
private
|
||
|
|
def write(value)
|
||
|
|
- File.open(@resource[:name], "w") { |f| f.puts value.join("\n") }
|
||
|
|
+ Puppet::Util.secure_open(@resource[:name], "w") do |f|
|
||
|
|
+ f.puts value.join("\n")
|
||
|
|
+ end
|
||
|
|
end
|
||
|
|
end
|
||
|
|
end
|
||
|
|
--
|
||
|
|
1.7.6.4
|
||
|
|
|