
(#9794) k5login can overwrite arbitrary files as root
7d4c169df84f (Unpublished)


Description

(#9794) k5login can overwrite arbitrary files as root

The k5login type is typically used to manage a file in the home directory of a
user; the explicit purpose of the files is to allow access to other users.

It writes to the target file directly, as root, without doing anything to
secure the file. That would allow the owner of the home directory to symlink
to anything on the system, and have it replaced with the correct content of
the file. Which is a fairly obvious escalation to root the next time Puppet
runs.

Now, instead, fix that to securely write the target file in a predictable and
secure fashion, using the secure_open helper.

Fixes CVE-2011-3869

Signed-off-by: Daniel Pittman <daniel@puppetlabs.com>
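
The failure mode described in the commit message, next to one hardened way of writing the file, as an added example that is not part of the commit and is not Puppet's `secure_open` helper. The helper names `naive_write`, `safe_write` and `demo`, the temporary directory layout and the sample principal are assumptions constructed for illustration.

```ruby
require "securerandom"
require "tmpdir"

# Pattern the commit message describes: open the path and write.
# open(2) follows a symlink at the final path component, so the
# link's target is what gets truncated and rewritten.
def naive_write(path, content)
  File.open(path, "w") { |f| f.write(content) }
end

# Hardened sketch (hypothetical helper, not Puppet's secure_open):
# create a new file under an unpredictable name, then rename it into place.
def safe_write(path, content, mode = 0o644)
  tmp = File.join(File.dirname(path),
                  ".#{File.basename(path)}.#{SecureRandom.hex(8)}")
  # CREAT|EXCL fails if the name already exists, symlinks included.
  File.open(tmp, File::WRONLY | File::CREAT | File::EXCL, mode) do |f|
    f.write(content)
  end
  # rename(2) replaces the directory entry itself; it never writes
  # through an existing symlink or hard link at `path`.
  File.rename(tmp, path)
end

# Constructed scenario: `victim` stands in for a root-owned file and
# `.k5login` has been pre-planted as a symlink pointing at it.
def demo
  Dir.mktmpdir do |root|
    home = File.join(root, "home")
    Dir.mkdir(home)
    victim = File.join(root, "sensitive")
    k5 = File.join(home, ".k5login")
    %i[naive_write safe_write].map do |writer|
      File.write(victim, "original\n")
      File.delete(k5) if File.symlink?(k5) || File.exist?(k5)
      File.symlink(victim, k5)
      send(writer, k5, "alice@EXAMPLE.COM\n")
      [writer, { victim: File.read(victim), symlink: File.symlink?(k5),
                 k5login: File.read(k5) }]
    end.to_h
  end
end

p demo if __FILE__ == $PROGRAM_NAME
```

When a writer like this runs as root against a user-owned directory, ownership and mode should be set on the open file handle before the rename, so that no later path-based call can be redirected.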

Details

Provenance
Daniel Pittman <daniel@puppetlabs.com> Authored on
Michael Stahnke <stahnma@puppetlabs.com> Committed on Sep 29 2011, 7:39 PM
vanmeeuwen Pushed on Jun 2 2015, 2:22 PM
Parents
rPU41f23f16c166: Update CHANGLEOG for 2.7.4
Branches
Unknown
Tags
Unknown

Event Timeline

Michael Stahnke <stahnma@puppetlabs.com> committed rPU7d4c169df84f: (#9794) k5login can overwrite arbitrary files as root (authored by Daniel Pittman <daniel@puppetlabs.com>). Sep 29 2011, 7:39 PM