File puppet-0.24.5-CVE-2010-0156.diff of Package puppet

Overview Repositories Revisions Requests Users Attributes Meta

File puppet-0.24.5-CVE-2010-0156.diff of Package puppet

Index: puppet-0.24.5/lib/puppet/daemon.rb
===================================================================
--- puppet-0.24.5.orig/lib/puppet/daemon.rb
+++ puppet-0.24.5/lib/puppet/daemon.rb
@@ -30,7 +30,7 @@ module Puppet::Daemon
             $stderr.reopen $stdout
             Puppet::Util::Log.reopen
         rescue => detail
-            File.open("/tmp/daemonout", "w") { |f|
+            Puppet::Util.secure_open("/tmp/daemonout", "w") { |f|
                 f.puts "Could not start %s: %s" % [Puppet[:name], detail]
             }
             Puppet.err "Could not start %s: %s" % [Puppet[:name], detail]
Index: puppet-0.24.5/lib/puppet/util/reference.rb
===================================================================
--- puppet-0.24.5.orig/lib/puppet/util/reference.rb
+++ puppet-0.24.5/lib/puppet/util/reference.rb
@@ -36,7 +36,7 @@ class Puppet::Util::Reference
 
     def self.pdf(text)
         puts "creating pdf"
-        File.open("/tmp/puppetdoc.txt", "w") do |f|
+        Puppet::Util.secure_open("/tmp/puppetdoc.txt", "w") do |f|
             f.puts text
         end
         rst2latex = %x{which rst2latex}
@@ -48,6 +48,7 @@ class Puppet::Util::Reference
         end
         rst2latex.chomp!
         cmd = %{#{rst2latex} /tmp/puppetdoc.txt > /tmp/puppetdoc.tex}
+        Puppet::Util.secure_open('/tmp/puppetdoc.tex','w') {}
         output = %x{#{cmd}}
         unless $? == 0
             $stderr.puts "rst2latex failed"
@@ -168,7 +169,7 @@ class Puppet::Util::Reference
     end
 
     def trac
-        File.open("/tmp/puppetdoc.txt", "w") do |f|
+        Puppet::Util.secure_open("/tmp/puppetdoc.txt", "w") do |f|
             f.puts self.to_trac
         end
 
Index: puppet-0.24.5/lib/puppet/util.rb
===================================================================
--- puppet-0.24.5.orig/lib/puppet/util.rb
+++ puppet-0.24.5/lib/puppet/util.rb
@@ -449,6 +449,28 @@ module Util
     end
 
     module_function :memory, :thinmark
+
+    def secure_open(file,must_be_w,&block)
+        raise Puppet::DevError,"secure_open only works with mode 'w'" unless must_be_w == 'w'
+        raise Puppet::DevError,"secure_open only requires a block"    unless block_given?
+        Puppet.warning "#{file} was a symlink to #{File.readlink(file)}" if File.symlink?(file)
+        if File.exists?(file) or File.symlink?(file)
+            wait = File.symlink?(file) ? 5.0 : 0.1
+            File.delete(file)
+            sleep wait # give it a chance to reappear, just in case someone is actively trying something.
+        end
+        begin
+            File.open(file,File::CREAT|File::EXCL|File::TRUNC|File::WRONLY,&block)
+        rescue Errno::EEXIST
+            desc = File.symlink?(file) ? "symlink to #{File.readlink(file)}" : File.stat(file).ftype
+            puts "Warning: #{file} was apparently created by another process (as"
+            puts "a #{desc}) as soon as it was deleted by this process.  Someone may be trying"
+            puts "to do something objectionable (such as tricking you into overwriting system"
+            puts "files if you are running as root)."
+            raise
+        end
+    end
+    module_function :secure_open
 end
 end

Places

File puppet-0.24.5-CVE-2010-0156.diff of Package puppet

Places