Issue #2503 has been reported by volcane volcane.
----------------------------------------
Bug #2503: Insecure temp file handling in file{}
http://projects.reductivelabs.com/issues/2503
Author: volcane volcane
Status: Unreviewed
Priority: Normal
Assigned to:
Category:
Target version:
Complexity: Unknown
Affected version: 0.24.8
Keywords:
file{} does a rather stupid thing with temp files.
The result is that users could potentially overwrite files they don't own with
the help of puppet:
Confirmed on 0.24.8.
## /tmp/securefile
secure file contents
## evil user does
ln -s /tmp/securefile /home/rip/somefile.puppettmp
## manifest does
file{"/home/rip/somefile":
content => "managed by puppet\n"
}
## runit
notice: //File[/home/rip/somefile]/content: defined 'content' as
'{md5}89a502238a07c7e92a7398383d88b7a2'
## /tmp/securefile
puppet content
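The behaviour reported above, next to a hardened write, as an added example that is not part of the original report and is not Puppet's code. `naive_write`, `safe_write`, `demo` and the `suffix:` parameter are hypothetical names, `naive_write` is an assumed reconstruction of what the report shows, and all paths are constructed inside a throwaway temp directory.

```ruby
require "securerandom"
require "tmpdir"

# Assumed reconstruction of the reported behaviour (not Puppet's code):
# a predictable sibling name opened with "w", which follows a planted symlink.
def naive_write(path, content)
  tmp = "#{path}.puppettmp"
  File.open(tmp, "w") { |f| f.write(content) }
  File.rename(tmp, path)
end

# Hardened form: unpredictable suffix, and O_CREAT|O_EXCL so any existing
# entry (a symlink included) makes the open fail; O_NOFOLLOW is a second guard.
def safe_write(path, content, suffix: SecureRandom.hex(8), mode: 0o600)
  tmp = "#{path}.#{suffix}"
  flags = File::WRONLY | File::CREAT | File::EXCL | File::NOFOLLOW
  File.open(tmp, flags, mode) { |f| f.write(content) }
  File.rename(tmp, path) # atomic replace within one directory
end

# Constructed sandbox: every path lives under a fresh temp directory.
def demo
  Dir.mktmpdir do |dir|
    victim = File.join(dir, "securefile")
    target = File.join(dir, "somefile")
    File.write(victim, "secure file contents\n")
    File.symlink(victim, "#{target}.puppettmp")
    naive_write(target, "managed by puppet\n")
    after_naive = File.read(victim)

    File.unlink(target) # the rename left a symlink here
    File.write(victim, "secure file contents\n")
    File.symlink(victim, "#{target}.puppettmp")
    refused = begin
      safe_write(target, "managed by puppet\n", suffix: "puppettmp")
      false
    rescue Errno::EEXIST
      true
    end
    safe_write(target, "managed by puppet\n")
    { after_naive: after_naive, refused: refused,
      after_safe: File.read(victim), target: File.read(target) }
  end
end

p demo if $PROGRAM_NAME == __FILE__
```

The `suffix: "puppettmp"` call shows that the exclusive create refuses the planted link even when the name is predictable; the default random suffix removes the predictability as well.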