Issue #2503 has been updated by Luke Kanies.
Category set to file
Status changed from Unreviewed to Accepted
Priority changed from Normal to Urgent
Target version set to 0.25.0
----------------------------------------
Bug #2503: Insecure temp file handling in file{}
http://projects.reductivelabs.com/issues/2503
Author: volcane volcane
Status: Accepted
Priority: Urgent
Assigned to:
Category: file
Target version: 0.25.0
Complexity: Unknown
Affected version: 0.24.8
Keywords:
file{} does a rather stupid thing with temp files.
The result is that users could potentially overwrite files they don't own with
the help of puppet (confirmed on 0.24.8):
## /tmp/securefile
secure file contents
## evil user does
ln -s /tmp/securefile /home/rip/somefile.puppettmp
## manifest does
file{"/home/rip/somefile":
    content => "managed by puppet\n"
}
## run it
notice: //File[/home/rip/somefile]/content: defined 'content' as '{md5}89a502238a07c7e92a7398383d88b7a2'
## /tmp/securefile
puppet content
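The symlink case in the report above, reproduced in a scratch directory next to a hardened write. This is an added example and not Puppet's code: `naive_replace`, `safe_replace` and `demo` are hypothetical helpers, and `naive_replace` only models the behaviour the report demonstrates (a write through a predictable `<path>.puppettmp` name).

```ruby
require "tmpdir"
require "securerandom"

# Model of the reported behaviour (assumption, not Puppet's implementation):
# write to a predictable "<path>.puppettmp", then rename it into place.
def naive_replace(path, content)
  tmp = "#{path}.puppettmp"
  File.open(tmp, "w") { |f| f.write(content) } # follows a pre-planted symlink
  File.rename(tmp, path)
end

# Hardened variant: unpredictable name in the same directory, created with
# O_CREAT|O_EXCL|O_NOFOLLOW so an existing entry (file or symlink) is an
# error instead of a write target.
def safe_replace(path, content)
  flags = File::WRONLY | File::CREAT | File::EXCL | File::NOFOLLOW
  attempts = 0
  begin
    tmp = File.join(File.dirname(path),
                    ".#{File.basename(path)}.#{SecureRandom.hex(8)}")
    File.open(tmp, flags, 0o600) { |f| f.write(content) }
  rescue Errno::EEXIST, Errno::ELOOP
    retry if (attempts += 1) < 5
    raise
  end
  File.rename(tmp, path)
end

# Constructed scenario mirroring the report: a file owned by someone else,
# and a symlink planted at the predictable temp name before the write.
def demo(writer)
  Dir.mktmpdir do |dir|
    secure  = File.join(dir, "securefile")
    managed = File.join(dir, "somefile")
    File.write(secure, "secure file contents\n")
    File.symlink(secure, "#{managed}.puppettmp")
    send(writer, managed, "managed by puppet\n")
    { secure: File.read(secure),
      managed: File.read(managed),
      managed_is_symlink: File.symlink?(managed) }
  end
end

if __FILE__ == $PROGRAM_NAME
  puts "naive: #{demo(:naive_replace).inspect}"
  puts "safe:  #{demo(:safe_replace).inspect}"
end
```

A directory that another user can write to still lets entries be swapped between the write and the rename, so `safe_replace` closes the overwrite-through-symlink case shown here rather than every race in such a directory.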