(#9794) k5login can overwrite arbitrary files as root
2775c21ae48e (Unpublished)

Description

(#9794) k5login can overwrite arbitrary files as root

The k5login type is typically used to manage a file in the home directory of a
user; the explicit purpose of the files is to allow access to other users.

It writes to the target file directly, as root, without doing anything to
secure the file. That would allow the owner of the home directory to symlink
to anything on the system, and have it replaced with the correct content of
the file. Which is a fairly obvious escalation to root the next time Puppet
runs.

Now, instead, fix that to securely write the target file in a predictable and
secure fashion, using the secure_open helper.

Fixes CVE-2011-3869

Signed-off-by: Daniel Pittman <daniel@puppetlabs.com>
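
The symlink problem the commit message describes, next to one common way to avoid it, as an added Ruby example that is not part of this commit and is not Puppet's `secure_open` helper. The function names, the temp-file naming and the sample principal are assumptions made for illustration.

```ruby
require 'tmpdir'
require 'securerandom'

# Vulnerable pattern: mode "w" follows a symlink planted at +path+ and
# truncates whatever it points to.
def naive_write(path, content)
  File.open(path, 'w') { |f| f.write(content) }
end

# Hardened pattern: create a fresh file beside the target, then rename it
# into place. O_CREAT|O_EXCL fails if the temp name already exists, even as
# a symlink, and rename(2) replaces a symlink at +path+ rather than following
# it. Assumes the parent directory itself is not swapped during the write.
def safe_write(path, content, mode = 0o600)
  tmp = File.join(File.dirname(path),
                  ".#{File.basename(path)}.#{SecureRandom.hex(8)}.tmp")
  created = false
  begin
    File.open(tmp, File::WRONLY | File::CREAT | File::EXCL, mode) do |f|
      created = true
      f.write(content)
    end
    File.rename(tmp, path)
  rescue StandardError
    File.unlink(tmp) if created && File.exist?(tmp)
    raise
  end
end

# Constructed scenario: a home directory whose owner has pointed .k5login
# at a file they should not be able to change.
def demo
  Dir.mktmpdir do |root|
    victim = File.join(root, 'system_file') # stands in for a root-owned file
    home = File.join(root, 'home')
    Dir.mkdir(home)
    k5login = File.join(home, '.k5login')
    { naive: method(:naive_write), safe: method(:safe_write) }.to_h do |name, writer|
      File.write(victim, "original\n")
      File.unlink(k5login) if File.symlink?(k5login)
      File.symlink(victim, k5login)
      writer.call(k5login, "alice@EXAMPLE.COM\n") # constructed principal
      [name, { victim: File.read(victim), symlink: File.symlink?(k5login),
               k5login: File.read(k5login) }]
    end
  end
end

p demo if $PROGRAM_NAME == __FILE__
```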

Details

Provenance
Daniel Pittman <daniel@puppetlabs.com> Authored on
Michael Stahnke <stahnma@puppetlabs.com> Committed on Sep 29 2011, 7:38 PM
vanmeeuwen Pushed on Jun 2 2015, 2:22 PM
Parents
rPU408d117e7d6b: Updated CHANGELOG for 2.6.10
Branches
Unknown
Tags
Unknown

Event Timeline

Michael Stahnke <stahnma@puppetlabs.com> committed rPU2775c21ae48e: (#9794) k5login can overwrite arbitrary files as root (authored by Daniel Pittman <daniel@puppetlabs.com>). Sep 29 2011, 7:38 PM