(PUP-2478) Remove current directory from Ruby load path.
1d1e1eac451fUnpublished
Actions

Unpublished Commit · Learn More

Repository Importing: This repository is still importing.

Description

(PUP-2478) Remove current directory from Ruby load path.

The current directory ('.') is on the load path for Ruby 1.8.7.
This is a security vulnerability as it allows arbitrary code loading if
users create ruby source files with names that correspond to those that
puppet is trying to load.

The fix is to explicitly remove '.' from the load path before any code
is loaded by puppet.

Details

Provenance

Peter Huene <peter.huene@puppetlabs.com>	Authored on
Melissa Stone <melissa@puppetlabs.com>	Committed on May 27 2014, 8:21 PM
vanmeeuwen	Pushed on Jun 2 2015, 2:22 PM

Parents

rPUbb83a84e0665: (packaging) Update PUPPETVERSION to 3.6.1

Branches

Unknown

Tags

Unknown

Event Timeline

Melissa Stone <melissa@puppetlabs.com> committed rPU1d1e1eac451f: (PUP-2478) Remove current directory from Ruby load path. (authored by Peter Huene <peter.huene@puppetlabs.com>).May 27 2014, 8:21 PM

Changes (1)

Path

Size

bin/

puppet

rPU1d1e1eac451f

View Options

(PUP-2478) Remove current directory from Ruby load path.1d1e1eac451fUnpublishedActions