Author: breser
Date: Thu Aug 22 19:28:52 2013
New Revision: 1516547

URL: http://svn.apache.org/r1516547
Log:
Merge r1516271 from trunk:

 * r1516271
   svnwcsub: Fix creation of pid files.
   Justification:
     Security issue.
   Votes:
     +1: breser, danielsh

Modified:
    subversion/branches/1.8.x/   (props changed)
    subversion/branches/1.8.x/STATUS
    subversion/branches/1.8.x/tools/server-side/svnpubsub/svnwcsub.py

Propchange: subversion/branches/1.8.x/
------------------------------------------------------------------------------
  Merged /subversion/trunk:r1516271

Modified: subversion/branches/1.8.x/STATUS
URL: 
http://svn.apache.org/viewvc/subversion/branches/1.8.x/STATUS?rev=1516547&r1=1516546&r2=1516547&view=diff
==============================================================================
--- subversion/branches/1.8.x/STATUS (original)
+++ subversion/branches/1.8.x/STATUS Thu Aug 22 19:28:52 2013
@@ -120,10 +120,3 @@ Veto-blocked changes:
 Approved changes:
 =================
 
- * r1516271
-   svnwcsub: Fix creation of pid files.
-   Justification:
-     Security issue.
-   Votes:
-     +1: breser, danielsh
-

Modified: subversion/branches/1.8.x/tools/server-side/svnpubsub/svnwcsub.py
URL: 
http://svn.apache.org/viewvc/subversion/branches/1.8.x/tools/server-side/svnpubsub/svnwcsub.py?rev=1516547&r1=1516546&r2=1516547&view=diff
==============================================================================
--- subversion/branches/1.8.x/tools/server-side/svnpubsub/svnwcsub.py (original)
+++ subversion/branches/1.8.x/tools/server-side/svnpubsub/svnwcsub.py Thu Aug 
22 19:28:52 2013
@@ -465,7 +465,15 @@ def handle_options(options):
     # Otherwise, we should write this (foreground) PID into the file.
     if options.pidfile and not options.daemon:
         pid = os.getpid()
-        open(options.pidfile, 'w').write('%s\n' % pid)
+        # Be wary of symlink attacks
+        try:
+            os.remove(options.pidfile)
+        except OSError:
+            pass
+        fd = os.open(options.pidfile, os.O_WRONLY | os.O_CREAT | os.O_EXCL,
+                     0444)
+        os.write(fd, '%d\n' % pid)
+        os.close(fd)
         logging.info('pid %d written to %s', pid, options.pidfile)
 
     if options.gid:
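Review bot: the `os.open(..., os.O_CREAT | os.O_EXCL, 0444)` call can still raise OSError (EEXIST) and nothing in this hunk catches it, so if the path reappears between the `os.remove` and the `os.open` (a symlink re-planted in a shared directory, or a second instance racing), handle_options dies with a traceback instead of a clear error. O_EXCL means the symlink is never followed, so the remaining exposure is a crash rather than an overwrite, but it is worth wrapping the `os.open` in the same `try/except OSError` used for the remove, logging the failure with the path, and exiting cleanly. Two smaller points on the same lines: the unconditional `os.remove(options.pidfile)` also discards a pidfile belonging to a still-running instance, so consider reading it and checking whether that pid is alive before deleting it; and the `0444` literal is a SyntaxError on Python 3 (and `os.write` there needs bytes), so `0o444`, which Python 2.6 and later also accept, would keep the tool portable.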

