[Pkg-puppet-devel] [SCM] Puppet packaging for Debian tag, 0.25.2, created. 0.25.1-137-g6111ba8
James Turnbull
james at lovedthanlost.net
Tue Feb 16 06:42:41 UTC 2010
The tag, 0.25.2 has been created
at 6111ba80f2c6f6d1541af971f565119e6e03d77d (commit)
- Shortlog ------------------------------------------------------------
commit 6111ba80f2c6f6d1541af971f565119e6e03d77d
Author: Markus Roberts <Markus at reality.com>
Date: Sun Jan 3 19:04:29 2010 -0800
Fix for temporary file security hole

We create temporary files in /tmp/ with predictable names. These
could be used by an attacker to DoS a box by setting a symlink to
some other file (say, /etc/shadow) and waiting for us to overwrite
it.

The minimalistic solution employed by this patch is to wrap all such
file writing with a paranoid wrapper that:

1) Checks to see if the target exists
2) Issues a warning if it was a symlink
3) Deletes it
4) Waits (0.1 seconds if it was a file, 5 seconds if it was a symlink)
5) Opens the file with EXCL, which will fail if the file has come back.

If this succeeds (as it normally will) it has exactly the same semantics
as the original code (a must, as we are right at a release boundary).
However, under no circumstances will it follow a preexisting symlink (the
operating system guarantees this with EXCL) so the danger of an exploit
has been converted into the possibility of a failure, with an appropriate
warning.
-----------------------------------------------------------------------
--
Puppet packaging for Debian
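
The five steps in the commit message above, sketched in Ruby as an added example (this is not the code from the Puppet commit). The helper `paranoid_write`, its `pause` and `log` parameters and the file names are hypothetical; the wait is injectable so the demo runs quickly and can simulate the path reappearing before the open.

```ruby
require "tmpdir"

# Hypothetical helper following the five steps in the commit message.
# `pause` stands in for the 0.1 s / 5 s wait; `log` collects warnings.
def paranoid_write(path, data, pause: ->(seconds) { sleep(seconds) }, log: [])
  stat = begin
    File.lstat(path)                    # 1) lstat inspects the path itself, not a link target
  rescue Errno::ENOENT
    nil
  end
  if stat
    log << "warning: #{path} was a symlink" if stat.symlink?  # 2)
    File.unlink(path)                   # 3) removes the link or file, never the link's target
    pause.call(stat.symlink? ? 5 : 0.1) # 4)
  end
  # 5) CREAT|EXCL raises Errno::EEXIST if anything (a symlink included)
  #    is at the path again; the kernel does not follow it.
  File.open(path, File::WRONLY | File::CREAT | File::EXCL, 0o600) { |f| f.write(data) }
  log
end

# Constructed scenario in a private temp dir: "victim" stands in for a
# sensitive file, "puppet-temp" for a predictable temporary file name.
def demo
  Dir.mktmpdir do |dir|
    victim = File.join(dir, "victim")
    target = File.join(dir, "puppet-temp")
    File.write(victim, "original")
    File.symlink(victim, target)        # pre-existing symlink at the predictable name

    log = paranoid_write(target, "new", pause: ->(_s) {})
    result = { victim: File.read(victim), target: File.read(target),
               still_symlink: File.symlink?(target), log: log }

    # Second write: the path comes back as a symlink during the wait.
    reappear = ->(_s) { File.symlink(victim, target) }
    result[:raced] = begin
      paranoid_write(target, "new2", pause: reappear)
      :written
    rescue Errno::EEXIST
      :refused                          # fails closed instead of following the link
    end
    result.merge(victim_after_race: File.read(victim))
  end
end

p demo if __FILE__ == $PROGRAM_NAME
```

In both cases the file behind the symlink keeps its contents: the first write lands in a fresh regular file, and the second is refused with `Errno::EEXIST`, which is the "possibility of a failure" the commit message trades for the exploit.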