We should definitely be using Tempfile here; it is mktemp-like (and avoids TOCTOU attacks).
Rein Henrichs
http://reductivelabs.com

On Thu, Apr 8, 2010 at 11:50 PM, Luke Kanies <[email protected]> wrote:

> On Apr 8, 2010, at 8:48 PM, Daniel Pittman wrote:
>
>> Luke Kanies <[email protected]> writes:
>>
>>> AFAIK the file shouldn't stay past the existence of the process itself -
>>> it just needs to persist after the user is done editing it.
>>
>> Really? I thought the purpose of 'ralsh --edit' was to let me modify the
>> file and use the content later. If not, then Tempfile alone is absolutely
>> the right answer.
>
> Nope, the purpose is to let you edit that file and then run it right away.
> I think it currently even prints the edited resource on stdout once it's
> done modifying it (which I consider a bug, ftr).
>
>>> We can certainly use Tempfile or whatever instead. Keep in mind that
>>> ralsh has seen very few updates since its first days as a proof of
>>> concept.
>>
>> *nod* There were a few places that looked like they had been
>> best-practice when written, but now looked a bit old, that I touched. I
>> don't think this is a terrible shortfall of the authors or anything.
>
> Heh, for a proof of concept that's been barely touched since it was
> written, I think it's doing ok, so no worries on that front. :)
>
>> Daniel
>>
>>> On Apr 8, 2010, at 7:38 AM, Markus Roberts wrote:
>>>
>>>> I'm unsure of the use-case here, but a non-TOCTOU way of replacing
>>>> extant files (while assuring that they aren't symlinks) would, if
>>>> possible, maintain the old semantics more closely. Conversely, if we
>>>> don't need persistence past this run, or external access, a tempfile
>>>> might be better. Does anyone know _why_ we want these to linger? Or
>>>> even if?
>>>>
>>>> On Thu, Apr 8, 2010 at 7:06 AM, Daniel Pittman <[email protected]> wrote:
>>>>
>>>>> ralsh in edit mode generates a highly predictable filename; since we
>>>>> actually want it to linger at the end of the process, we only take
>>>>> care that the file didn't exist before we tried to create it.
>>>>> ---
>>>>> lib/puppet/application/ralsh.rb | 3 ++-
>>>>> 1 files changed, 2 insertions(+), 1 deletions(-)
>>>>>
>>>>> diff --git a/lib/puppet/application/ralsh.rb b/lib/puppet/application/ralsh.rb
>>>>> index b9f7a58..51c3daa 100644
>>>>> --- a/lib/puppet/application/ralsh.rb
>>>>> +++ b/lib/puppet/application/ralsh.rb
>>>>> @@ -1,6 +1,7 @@
>>>>> require 'puppet'
>>>>> require 'puppet/application'
>>>>> require 'facter'
>>>>> +require 'tempfile'
>>>>>
>>>>> Puppet::Application.new(:ralsh) do
>>>>>
>>>>> @@ -121,7 +122,7 @@ Puppet::Application.new(:ralsh) do
>>>>> if options[:edit]
>>>>> file = "/tmp/x2puppet-#{Process.pid}.pp"
>>>>> begin
>>>>> - File.open(file, "w") do |f|
>>>>> + File.open(file, File::WRONLY|File::CREAT|File::EXCL) do |f|
>>>>> f.puts text
>>>>> end
>>>>> ENV["EDITOR"] ||= "vi"
>>>>> --
>>>>> 1.7.0.4
>>>>>
>>>>> --
>>>>> You received this message because you are subscribed to the Google
>>>>> Groups "Puppet Developers" group.
>>>>> To post to this group, send email to [email protected].
>>>>> To unsubscribe from this group, send email to
>>>>> [email protected]<puppet-dev%[email protected]>.
>>>>> For more options, visit this group at
>>>>> http://groups.google.com/group/puppet-dev?hl=en.
>>>>
>>>> --
>>>> -----------------------------------------------------------
>>>> The power of accurate observation is
>>>> commonly called cynicism by those
>>>> who have not got it. ~George Bernard Shaw
>>>> ------------------------------------------------------------
>>>
>>> --
>>> You don't learn anything the second time you're kicked by a mule.
>>> -- Anonymous Texan
>>> ---------------------------------------------------------------------
>>> Luke Kanies -|- http://puppetlabs.com -|- +1(615)594-8199
>>
>> --
>> ✣ Daniel Pittman ✉ [email protected] ☎ +61 401 155 707
>> ♽ made with 100 percent post-consumer electrons
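Review bot: the first hunk adds `require 'tempfile'`, but nothing in the patch uses Tempfile; the edit path still builds its own name under /tmp. Either drop the require or, as the thread suggests, let Tempfile create the file (it chooses an unpredictable name and opens it with O_EXCL and mode 0600), in which case the require is justified.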
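Review bot: the second hunk keeps the predictable name `/tmp/x2puppet-#{Process.pid}.pp` and only adds `File::EXCL`, so the open can no longer follow or truncate something already sitting at that path, but it now raises Errno::EEXIST whenever anything does, and the rescue for that, if one exists, is outside the visible context of the `begin` block. The file is also still created with umask-derived permissions rather than 0600, so the resource text may be readable by other users of the host. If the file does not need to outlive the run, `Tempfile` addresses the name, the exclusivity and the mode in one call.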
>
> --
> I have lost friends, some by death... others through sheer inability
> to cross the street. -- Virginia Woolf
>
> ---------------------------------------------------------------------
> Luke Kanies -|- http://puppetlabs.com -|- +1(615)594-8199
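An added example, not code from this thread or from Puppet's ralsh, contrasting the predictable-path open the patch hardens with the Tempfile approach Rein recommends; the helper names, the private temp directory and the sample resource text are assumptions made for the demonstration:

```ruby
require 'tempfile'
require 'tmpdir'

# Pre-patch shape: a name anyone can predict from the pid. Opening it with
# "w" follows a symlink already sitting at that path and truncates its target.
def predictable_path(dir = Dir.tmpdir)
  File.join(dir, "x2puppet-#{Process.pid}.pp")
end

# Post-patch shape: O_CREAT|O_EXCL refuses to open if anything exists at the
# path (a symlink included). The name is still guessable, so the open can now
# fail instead of being misdirected; the caller has to handle that failure.
def create_exclusive(path, text)
  File.open(path, File::WRONLY | File::CREAT | File::EXCL, 0600) { |f| f.puts text }
  :created
rescue Errno::EEXIST
  :exists
end

# Tempfile shape (what the thread converges on): unpredictable name, created
# atomically with O_EXCL and mode 0600 by the library, removed after the block.
# Yields the path so a caller could hand it to $EDITOR and read it back.
def with_editable_tempfile(text, prefix: 'x2puppet', suffix: '.pp')
  Tempfile.create([prefix, suffix]) do |f|
    f.puts text
    f.flush
    yield f.path
  end
end

# Check: a symlink pre-placed at the target path is refused by O_EXCL and the
# file it points to is left untouched. Everything lives in a private temp dir.
def exclusive_open_refuses_symlink
  Dir.mktmpdir do |dir|
    target = File.join(dir, 'target')
    File.write(target, "original\n")
    link = File.join(dir, 'preplaced')
    File.symlink(target, link)
    [create_exclusive(link, 'new text'), File.read(target)]
  end
end

# Check: the Tempfile keeps the requested prefix, is mode 0600, holds the text.
def tempfile_properties(text)
  with_editable_tempfile(text) do |path|
    [File.basename(path).start_with?('x2puppet'), File.stat(path).mode & 0777, File.read(path)]
  end
end
```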
