HomePhorge
Diffusion puppet 46e8dc06aa31

(#13260) Use mktmpdir when downloading packages
46e8dc06aa31Unpublished
Actions

Unpublished Commit ยท Learn More

Repository Importing: This repository is still importing.

Description

(#13260) Use mktmpdir when downloading packages

This fixes a security vulnerability in the appdmg and pkgdmg providers where
they would curl packages directly into /tmp and the install them, allowing an
attacker to craft a symlink and overwrite arbitrary files or install arbitrary
packages.

Details

Provenance
Patrick Carlisle <patrick@puppetlabs.com>Authored on
Matthaus Litteken <matthaus@puppetlabs.com>Committed on Apr 3 2012, 11:43 PM
vanmeeuwenPushed on Jun 2 2015, 2:22 PM
Parents
rPUb36bda9ceb14: Refactor pkgdmg specs
Branches
Unknown
Tags
Unknown

Event Timeline

Matthaus Litteken <matthaus@puppetlabs.com> committed rPU46e8dc06aa31: (#13260) Use mktmpdir when downloading packages (authored by Patrick Carlisle <patrick@puppetlabs.com>).Apr 3 2012, 11:43 PM

Changes (2)

PathSize
lib/
puppet/
provider/
package/

rPU46e8dc06aa31

View Options

lib/puppet/provider/package/appdmg.rb

Loading...
View Options

lib/puppet/provider/package/pkgdmg.rb

Loading...