
do not use a predictable filenames in the LXC plugin #1941

Merged
merged 1 commit into from Apr 2, 2016

CVE-2016-3096: do not use predictable paths in lxc_container

* do not use a predictable filename for the LXC attach script
* don't use predictable filenames for LXC attach script logging
* don't set a predictable archive_path

this should prevent symlink attacks which could result in
* data corruption
* data leakage
* privilege escalation
evgeni committed Apr 1, 2016
commit 8c6fe646ee79f5e55361b885b7efed5bec72d4a4
@@ -144,7 +144,7 @@
description:
- Path the save the archived container. If the path does not exist
the archive method will attempt to create it.
default: /tmp
default: null
archive_compression:
choices:
- gzip
@@ -557,13 +557,8 @@ def create_script(command):
import subprocess
import tempfile

# Ensure that the directory /opt exists.
if not path.isdir('/opt'):
os.mkdir('/opt')

# Create the script.
script_file = path.join('/opt', '.lxc-attach-script')
f = open(script_file, 'wb')
(fd, script_file) = tempfile.mkstemp(prefix='lxc-attach-script')
f = os.fdopen(fd, 'wb')
try:
f.write(ATTACH_TEMPLATE % {'container_command': command})
f.flush()
@@ -573,14 +568,11 @@ def create_script(command):
# Ensure the script is executable.
os.chmod(script_file, 0700)

# Get temporary directory.
tempdir = tempfile.gettempdir()

# Output log file.
stdout_file = open(path.join(tempdir, 'lxc-attach-script.log'), 'ab')
stdout_file = os.fdopen(tempfile.mkstemp(prefix='lxc-attach-script-log')[0], 'ab')

# Error log file.
stderr_file = open(path.join(tempdir, 'lxc-attach-script.err'), 'ab')
stderr_file = os.fdopen(tempfile.mkstemp(prefix='lxc-attach-script-err')[0], 'ab')

# Execute the script command.
try:
@@ -1747,14 +1739,16 @@ def main():
),
archive_path=dict(
type='str',
default='/tmp'
),
archive_compression=dict(
choices=LXC_COMPRESSION_MAP.keys(),
default='gzip'
)
),
supports_check_mode=False,
required_if = ([
('archive', True, ['archive_path'])
]),
)

if not HAS_LXC:
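Review bot: In create_script the new log handles are opened as `os.fdopen(tempfile.mkstemp(prefix='lxc-attach-script-log')[0], 'ab')` (and the same for the `-err` file), which discards the path that mkstemp returns. With the name gone, the stdout/stderr logs cannot be pointed out to an operator, and nothing visible here can unlink them, so each attach call appears to leave two orphaned files in the temp directory. Keep the path, e.g. `(out_fd, stdout_path) = tempfile.mkstemp(prefix='lxc-attach-script-log')` followed by `stdout_file = os.fdopen(out_fd, 'ab')`, and remove or report it wherever the script file itself is cleaned up. create_script starts and ends outside the visible hunks, so that cleanup path should be checked there.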