(#9792) Predictable temporary filename in ralsh.
343c7bd381b6 (Unpublished)

Description

(#9792) Predictable temporary filename in ralsh.

When ralsh is used in edit mode the temporary filename is in a shared
directory, and is absolutely predictable. Worse, it won't be touched until
well after the startup of the command.

It can be tricked into writing through a symlink to edit any file on the
system, or to create through it, but worse - the file is reopened with the
same name later, so it can have the target replaced between edit and
operate...

The only possible mitigation comes from the system editor and the behaviour it
has around editing through symbolic links, which is very weak.

This improves this to prefer the current working directory for the temporary
file, and to be somewhat less predictable and more safe in conjuring it into
being.

Fixes CVE-2011-3871

Signed-off-by: Daniel Pittman <daniel@puppetlabs.com>
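
The creation step the commit message describes, as an added Ruby example (not code from this commit or from Puppet): a plain open of a fixed name follows a planted symlink, while an exclusive create with an unguessable name does not. The helper names, file names and scratch directory are constructed for illustration.

```ruby
require 'securerandom'
require 'tmpdir'

# O_CREAT|O_EXCL fails with EEXIST if the name exists in any form,
# including a symlink, so a planted link is never written through.
def create_exclusive(path)
  flags = File::RDWR | File::CREAT | File::EXCL
  flags |= File::NOFOLLOW if defined?(File::NOFOLLOW)
  File.open(path, flags, 0o600)
end

# Hypothetical helper: unguessable name in a caller-chosen directory,
# retrying on collision. Returns [path, open File].
def create_edit_file(dir, prefix = 'edit')
  5.times do
    path = File.join(dir, "#{prefix}-#{SecureRandom.hex(8)}.pp")
    begin
      return [path, create_exclusive(path)]
    rescue Errno::EEXIST
      next
    end
  end
  raise "could not create a temporary file in #{dir}"
end

# Constructed scenario, confined to a private scratch directory.
def demo
  Dir.mktmpdir do |dir|
    target  = File.join(dir, 'target.conf')    # constructed stand-in file
    planted = File.join(dir, 'edit-buffer.pp') # constructed fixed name
    File.write(target, "original\n")
    File.symlink(target, planted)
    # Old pattern: a plain open of the fixed name follows the link.
    File.open(planted, 'w') { |f| f.write("edited\n") }
    followed = File.read(target) == "edited\n"
    refused = begin
      create_exclusive(planted).close
      false
    rescue Errno::EEXIST
      true
    end
    path, file = create_edit_file(dir)
    mode = file.stat.mode & 0o777
    file.close
    { followed: followed, refused: refused, mode: mode, unique: path != planted }
  end
end

p demo if __FILE__ == $PROGRAM_NAME
```

This covers only creation of the file; it does not address the later reopen by name that the commit message also mentions.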

Details

Provenance
Daniel Pittman <daniel@puppetlabs.com> Authored on
Michael Stahnke <stahnma@puppetlabs.com> Committed on Sep 29 2011, 8:28 PM
vanmeeuwen Pushed on Jun 2 2015, 2:22 PM
Parents
rPU88512e880bd2: Drop privileges before creating and chmodding SSH keys.
Branches
Unknown
Tags
Unknown

Event Timeline

Michael Stahnke <stahnma@puppetlabs.com> committed rPU343c7bd381b6: (#9792) Predictable temporary filename in ralsh. (authored by Daniel Pittman <daniel@puppetlabs.com>). Sep 29 2011, 8:28 PM