openSUSE:Evergreen:11.1:kernel-2.6.32
File puppet-0.24.5-CVE-2010-0156.diff of Package puppet
Index: puppet-0.24.5/lib/puppet/daemon.rb =================================================================== --- puppet-0.24.5.orig/lib/puppet/daemon.rb +++ puppet-0.24.5/lib/puppet/daemon.rb @@ -30,7 +30,7 @@ module Puppet::Daemon $stderr.reopen $stdout Puppet::Util::Log.reopen rescue => detail - File.open("/tmp/daemonout", "w") { |f| + Puppet::Util.secure_open("/tmp/daemonout", "w") { |f| f.puts "Could not start %s: %s" % [Puppet[:name], detail] } Puppet.err "Could not start %s: %s" % [Puppet[:name], detail] Index: puppet-0.24.5/lib/puppet/util/reference.rb =================================================================== --- puppet-0.24.5.orig/lib/puppet/util/reference.rb +++ puppet-0.24.5/lib/puppet/util/reference.rb @@ -36,7 +36,7 @@ class Puppet::Util::Reference def self.pdf(text) puts "creating pdf" - File.open("/tmp/puppetdoc.txt", "w") do |f| + Puppet::Util.secure_open("/tmp/puppetdoc.txt", "w") do |f| f.puts text end rst2latex = %x{which rst2latex} @@ -48,6 +48,7 @@ class Puppet::Util::Reference end rst2latex.chomp! cmd = %{#{rst2latex} /tmp/puppetdoc.txt > /tmp/puppetdoc.tex} + Puppet::Util.secure_open('/tmp/puppetdoc.tex','w') {} output = %x{#{cmd}} unless $? == 0 $stderr.puts "rst2latex failed" @@ -168,7 +169,7 @@ class Puppet::Util::Reference end def trac - File.open("/tmp/puppetdoc.txt", "w") do |f| + Puppet::Util.secure_open("/tmp/puppetdoc.txt", "w") do |f| f.puts self.to_trac end Index: puppet-0.24.5/lib/puppet/util.rb =================================================================== --- puppet-0.24.5.orig/lib/puppet/util.rb +++ puppet-0.24.5/lib/puppet/util.rb 
@@ -449,6 +449,28 @@ module Util end module_function :memory, :thinmark + + def secure_open(file,must_be_w,&block) + raise Puppet::DevError,"secure_open only works with mode 'w'" unless must_be_w == 'w' + raise Puppet::DevError,"secure_open only requires a block" unless block_given? + Puppet.warning "#{file} was a symlink to #{File.readlink(file)}" if File.symlink?(file) + if File.exists?(file) or File.symlink?(file) + wait = File.symlink?(file) ? 5.0 : 0.1 + File.delete(file) + sleep wait # give it a chance to reappear, just in case someone is actively trying something. + end + begin + File.open(file,File::CREAT|File::EXCL|File::TRUNC|File::WRONLY,&block) + rescue Errno::EEXIST + desc = File.symlink?(file) ? "symlink to #{File.readlink(file)}" : File.stat(file).ftype + puts "Warning: #{file} was apparently created by another process (as" + puts "a #{desc}) as soon as it was deleted by this process. Someone may be trying" + puts "to do something objectionable (such as tricking you into overwriting system" + puts "files if you are running as root)." + raise + end + end + module_function :secure_open end end
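Review bot: In lib/puppet/daemon.rb (hunk at -30,7) the new Puppet::Util.secure_open call sits inside the rescue => detail handler, and secure_open re-raises Errno::EEXIST after printing its warning, so when the race on /tmp/daemonout is lost the exception leaves the handler and the Puppet.err line that follows never runs. Wrap the secure_open call in its own begin/rescue, or move the Puppet.err call above it, so the startup failure is still logged when the /tmp write is refused.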
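Review bot: In lib/puppet/util/reference.rb (hunk at -36,7, and the same change in the trac hunk at -168,7) both methods still write the one literal path /tmp/puppetdoc.txt, and secure_open deletes whatever already exists there, so two runs on the same host remove each other's file and the second can trip the EEXIST branch without any hostile party being involved. A per-run file name, or a directory that only the invoking user can write to, would avoid the collision and the fixed, guessable name.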
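Review bot: In lib/puppet/util/reference.rb (hunk at -48,6) the added line Puppet::Util.secure_open('/tmp/puppetdoc.tex','w') {} does not protect the write that follows: the empty block closes the file at once, and %x{#{cmd}} then has the shell reopen /tmp/puppetdoc.tex by name through the > redirection, which is not an exclusive create. The path can be replaced between those two opens, and /tmp/puppetdoc.txt is likewise reopened by name as the rst2latex input. Suggest dropping the redirection, capturing the rst2latex output in Ruby and writing it inside the secure_open block, so the descriptor that was created exclusively is the one that receives the data.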
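Review bot: In lib/puppet/util.rb (hunk at -449,6) secure_open has two unhandled failure paths around the exclusive open: File.delete(file) runs whenever File.exists?(file) is true, which includes a directory at that path, and File.delete raises on a directory; and in the rescue Errno::EEXIST branch File.stat(file).ftype raises Errno::ENOENT if the path has vanished again, replacing the EEXIST the caller should see. Guard both so that the original error is the one re-raised. Smaller points in the same hunk: the race warning is emitted with puts while the symlink warning three lines earlier uses Puppet.warning, so the more serious message bypasses the log; File.open is called without a permission argument, so the new file's mode is left to the umask; File::TRUNC adds nothing next to File::CREAT|File::EXCL; and the DevError text "secure_open only requires a block" reads as the opposite of what the check enforces.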