Bug #12463: introduce better, and more secure, file handling abstractions, then use them in our code
Insecure handling of file writes in k5login type
Assignee: Dominic Maraglia
% Done:
Affected Puppet version:
Branch: https://github.com/puppetlabs/puppet-cve-test/commits/security/2.6.x/suidmanager-security
The k5login type and provider write to an untrusted location, typically a user home directory. They need to be reviewed to make sure they do the right thing around securely handling file replacement; they used to be vulnerable to a symlink attack, and could probably be improved overall.
#1 Updated by Daniel Pittman almost 2 years ago
- Branch set to https://github.com/puppetlabs/puppet-cve-test/commits/security/2.6.x/suidmanager-security
https://github.com/puppetlabs/puppet-cve-test/commits/security/2.6.x/suidmanager-security includes an implementation of replace_file as a helper, and moves from replace_file in k5login. It also adds testing – any testing – for the type and provider.
This isn’t much of a change compared to the previous change I made, using secure_open there, but it does make for a more uniform and clear API around behaviour of that type / provider. Needs review, the tests validated, and the code merged.
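The replace-by-rename pattern this ticket is about, as an added example that is not Puppet's code or the code in the linked branch: it contrasts writing through the destination path with writing a fresh temporary file in the same directory and renaming it into place. The names `naive_write`, `replace_file_safely` and `demo`, the sample principal, and the temporary directory standing in for a home directory are all assumptions made for illustration.

```ruby
require 'securerandom'
require 'tmpdir'

# The pattern at risk: opening the destination follows a symlink planted there.
def naive_write(path, content)
  File.write(path, content)
end

# Hypothetical helper, not Puppet's replace_file: the destination is never
# opened, only replaced by rename.
def replace_file_safely(path, content, mode = 0o600)
  tmp = File.join(File.dirname(path),
                  ".#{File.basename(path)}.#{SecureRandom.hex(8)}")
  # CREAT|EXCL refuses a pre-existing name, including a symlink at that name.
  flags = File::WRONLY | File::CREAT | File::EXCL
  flags |= File::NOFOLLOW if defined?(File::NOFOLLOW)
  created = false
  File.open(tmp, flags, mode) do |f|
    created = true
    f.write(content)
    f.fsync
  end
  # rename(2) swaps the directory entry: a symlink at `path` is replaced,
  # and whatever it pointed to is left untouched.
  File.rename(tmp, path)
  created = false
ensure
  File.unlink(tmp) if created
end

# Constructed scenario: a temp dir stands in for the home directory, and
# .k5login has been pre-created as a symlink to another file.
def demo(writer)
  Dir.mktmpdir do |home|
    target = File.join(home, 'other_file')
    k5login = File.join(home, '.k5login')
    File.write(target, "original\n")
    File.symlink(target, k5login)
    writer.call(k5login, "alice@EXAMPLE.COM\n")
    { target: File.read(target), still_symlink: File.symlink?(k5login),
      k5login: File.read(k5login) }
  end
end

if __FILE__ == $PROGRAM_NAME
  p demo(method(:naive_write))          # target overwritten through the link
  p demo(method(:replace_file_safely))  # target intact, link replaced
end
```

This protects only the final path component: the home directory itself is still user-controlled, so the write is safest when it is also performed with that user's privileges rather than root's.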
#4 Updated by Deepak Giridharagopal almost 2 years ago
- Assignee changed from Deepak Giridharagopal to Dominic Maraglia