The Puppet Labs Issue Tracker has Moved: https://tickets.puppetlabs.com

Bug #12460

Bug #12463: introduce better, and more secure, file handling abstractions, then use them in our code

Insecure handling of file writes in k5login type

Added by Anonymous over 2 years ago. Updated over 2 years ago.

Status: Closed
Start date: 02/06/2012
Priority: Normal
Due date:
Assignee: Dominic Maraglia
% Done: 0%
Category: -
Target version: 2.7.11
Affected Puppet version:
Branch: https://github.com/puppetlabs/puppet-cve-test/commits/security/2.6.x/suidmanager-security
Keywords:


Description

The k5login type and provider write to an untrusted location, typically a user home directory. They need to be reviewed to make sure they do the right thing around securely handling file replacement; they used to be vulnerable to a symlink attack, and could probably be improved overall.

History

#1 Updated by Anonymous over 2 years ago

  • Branch set to https://github.com/puppetlabs/puppet-cve-test/commits/security/2.6.x/suidmanager-security

https://github.com/puppetlabs/puppet-cve-test/commits/security/2.6.x/suidmanager-security includes an implementation of replace_file as a helper, and moves from secure_open to replace_file in k5login. It also adds testing – any testing – for the type and provider.

This isn’t much of a change compared to the previous change I made, using secure_open there, but it does make for a more uniform and clear API around behaviour of that type / provider. Needs review, the tests validated, and the code merged.
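The symlink problem and the write-then-replace approach discussed above, as an added Ruby illustration; this is not the code from the linked branch and not Puppet's replace_file. The names replace_file_atomically and demo are hypothetical, and the paths and principal are constructed sample values.

```ruby
require 'tempfile'
require 'tmpdir'

# Hypothetical helper, not Puppet's replace_file: stage the new content in a
# fresh temp file beside the target, then rename it over the target.
def replace_file_atomically(path, mode = 0o600)
  # Tempfile creates a randomly named file with O_CREAT|O_EXCL, so the staging
  # file cannot be redirected through a link planted in advance.
  tmp = Tempfile.new(['.replace', '.tmp'], File.dirname(path))
  begin
    tmp.chmod(mode)
    yield tmp
    tmp.flush
    tmp.fsync
    tmp.close
    # rename(2) swaps the directory entry itself: a symlink sitting at `path`
    # is replaced, never followed.
    File.rename(tmp.path, path)
  ensure
    tmp.close unless tmp.closed?
    tmp.unlink # effectively a no-op after a successful rename; cleans up on failure
  end
end

# Constructed scenario: a user-writable directory where `.k5login` has been
# pre-planted as a symlink to another file ("victim").
# Returns [victim content, target still a symlink?, content read via target].
def demo(strategy)
  Dir.mktmpdir do |home|
    victim = File.join(home, 'victim')
    target = File.join(home, '.k5login')
    File.write(victim, "sensitive\n")
    File.symlink(victim, target)
    principal = "alice@EXAMPLE.COM\n" # constructed sample value
    if strategy == :naive
      File.write(target, principal) # open(2) follows the link and truncates victim
    else
      replace_file_atomically(target) { |f| f.write(principal) }
    end
    [File.read(victim), File.symlink?(target), File.read(target)]
  end
end

if __FILE__ == $PROGRAM_NAME
  p demo(:naive)
  p demo(:atomic)
end
```

The rename protects only the final path component. When the parent directory belongs to another user, a privileged writer also needs to control how that directory is reached, for example by dropping privileges to the owning user before writing.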

#2 Updated by Anonymous over 2 years ago

  • Parent task set to #12463

#3 Updated by Jason McKerr over 2 years ago

  • Assignee changed from Jason McKerr to Deepak Giridharagopal

#5 Updated by Matthaus Owens over 2 years ago

  • Status changed from Accepted to Closed
  • Target version set to 2.7.11
  • Private changed from Yes to No

Released in 2.6.14, 2.7.11
