File puppet-0.25.4-CVE-2011-3870.patch of Package puppet
--- puppet-0.25.4.orig/lib/puppet/provider/ssh_authorized_key/parsed.rb
+++ puppet-0.25.4/lib/puppet/provider/ssh_authorized_key/parsed.rb
@@ -62,36 +62,24 @@
end
def flush
- # As path expansion had to be moved in the provider, we cannot generate new file
- # resources and thus have to chown and chmod here. It smells hackish.
-
- # Create target's parent directory if nonexistant
- if target
- dir = File.dirname(target)
- if not File.exist? dir
- Puppet.debug("Creating directory %s which did not exist" % dir)
- Dir.mkdir(dir, dir_perm)
- end
+ raise Puppet::Error, "Cannot write SSH authorized keys without user" unless user
+ raise Puppet::Error, "User '#{user}' does not exist" unless uid = Puppet::Util.uid(user)
+ # ParsedFile usually calls backup_target much later in the flush process,
+ # but our SUID makes that fail to open filebucket files for writing.
+ # Fortunately, there's already logic to make sure it only ever happens once,
+ # so calling it here supresses the later attempt by our superclass's flush method.
+ self.class.backup_target(target)
+
+ Puppet::Util::SUIDManager.asuser(@resource.should(:user)) do
+ unless File.exist?(dir = File.dirname(target))
+ Puppet.debug "Creating #{dir}"
+ Dir.mkdir(dir, dir_perm)
end
- # Generate the file
super
- # Ensure correct permissions
- if target and user
- uid = Puppet::Util.uid(user)
-
- if uid
- File.chown(uid, nil, dir)
- File.chown(uid, nil, target)
- else
- raise Puppet::Error, "Specified user does not exist"
- end
- end
-
- if target
- File.chmod(file_perm, target)
- end
+ File.chmod(file_perm, target)
+ end
end
# parse sshv2 option strings, wich is a comma separated list of
