File 0.25.x-9794-k5login-can-overwrite-arbitrary-fil... of Package puppet

Overview Repositories Revisions Requests Users Attributes Meta

File 0.25.x-9794-k5login-can-overwrite-arbitrary-files-as-root.patch of Package puppet

From a4333c110ad084f205605708eaab52ad243d6c86 Mon Sep 17 00:00:00 2001
From: Daniel Pittman <daniel@puppetlabs.com>
Date: Thu, 29 Sep 2011 00:26:13 -0700
Subject: [PATCH] (#9794) k5login can overwrite arbitrary files as root

The k5login type is typically used to manage a file in the home directory of a
user; the explicit purpose of the files is to allow access to other users.

It writes to the target file directly, as root, without doing anything to
secure the file. That would allow the owner of the home directory to symlink
to anything on the system, and have it replaced with the  correct  content of
the file. Which is a fairly obvious escalation to root the next time Puppet
runs.

Now, instead, fix that to securely write the target file in a predictable and
secure fashion, using the `secure_open` helper.

Signed-off-by: Daniel Pittman <daniel@puppetlabs.com>
---
 lib/puppet/type/k5login.rb |    4 +++-
 1 files changed, 3 insertions(+), 1 deletions(-)

diff --git a/lib/puppet/type/k5login.rb b/lib/puppet/type/k5login.rb
index 5526fda..b13b34d 100644
--- a/lib/puppet/type/k5login.rb
+++ b/lib/puppet/type/k5login.rb
@@ -81,7 +81,9 @@ Puppet::Type.newtype(:k5login) do
 
         private
         def write(value)
-            File.open(@resource[:name], "w") { |f| f.puts value.join("\n") }
+            Puppet::Util.secure_open(@resource[:name], "w") do |f|
+                f.puts value.join("\n")
+            end
         end
     end
 end
-- 
1.7.6.4

Places

File 0.25.x-9794-k5login-can-overwrite-arbitrary-files-as-root.patch of Package puppet

Places