This repository has been archived by the owner. It is now read-only.

do not use predictable filenames in the LXC plugin #1941

Merged
merged 1 commit into from Apr 2, 2016
+8 −14

CVE-2016-3096: do not use predictable paths in lxc_container

* do not use a predictable filename for the LXC attach script
* don't use predictable filenames for LXC attach script logging
* don't set a predictable archive_path

this should prevent symlink attacks which could result in
* data corruption
* data leakage
* privilege escalation
evgeni committed Apr 1, 2016
commit 8c6fe646ee79f5e55361b885b7efed5bec72d4a4
@@ -144,7 +144,7 @@
description:
- Path the save the archived container. If the path does not exist
the archive method will attempt to create it.
default: /tmp
default: null
archive_compression:
choices:
- gzip
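Review bot: the `archive_path` description keeps the typo "Path the save" (should be "Path to save"), and now that the documented default is `null` it no longer tells the user when the option is needed. Since the argument spec in the last hunk makes `archive_path` mandatory whenever `archive` is true, say so here, and note that the description's "will attempt to create it" applies to whatever directory the caller names, so a world-writable location such as the old `/tmp` default should be avoided.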
@@ -557,13 +557,8 @@ def create_script(command):
import subprocess
import tempfile
# Ensure that the directory /opt exists.
if not path.isdir('/opt'):
os.mkdir('/opt')
# Create the script.
script_file = path.join('/opt', '.lxc-attach-script')
f = open(script_file, 'wb')
(fd, script_file) = tempfile.mkstemp(prefix='lxc-attach-script')
f = os.fdopen(fd, 'wb')
try:
f.write(ATTACH_TEMPLATE % {'container_command': command})
f.flush()
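Review bot: `tempfile.mkstemp(prefix='lxc-attach-script')` is called without `dir=`, so the attach script moves from `/opt` to the default temporary directory, and nothing in the visible lines removes it again. mkstemp leaves deletion to the caller, so please confirm that `script_file` is unlinked in a `finally` once the command has run; otherwise every call leaves a copy of the attach command on disk. Also worth checking: if the script is executed directly, a temporary directory mounted noexec will break it, which was not a concern under `/opt`; passing an explicit `dir=` or running it through the interpreter would avoid that.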
@@ -573,14 +568,11 @@ def create_script(command):
# Ensure the script is executable.
os.chmod(script_file, 0700)
# Get temporary directory.
tempdir = tempfile.gettempdir()
# Output log file.
stdout_file = open(path.join(tempdir, 'lxc-attach-script.log'), 'ab')
stdout_file = os.fdopen(tempfile.mkstemp(prefix='lxc-attach-script-log')[0], 'ab')
# Error log file.
stderr_file = open(path.join(tempdir, 'lxc-attach-script.err'), 'ab')
stderr_file = os.fdopen(tempfile.mkstemp(prefix='lxc-attach-script-err')[0], 'ab')
# Execute the script command.
try:
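Review bot: in both log lines, `tempfile.mkstemp(prefix=...)[0]` keeps only the file descriptor and throws the path away, so the stdout and stderr logs can neither be located by the user nor cleaned up by the module. Each run now leaves two randomly named files behind, and the `'ab'` append mode no longer accumulates anything because the file is always new. Suggest unpacking `(fd, path)` as the script hunk does, then either removing the files after the run or returning their paths in the module result so the output stays usable.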
@@ -1747,14 +1739,16 @@ def main():
),
archive_path=dict(
type='str',
default='/tmp'
),
archive_compression=dict(
choices=LXC_COMPRESSION_MAP.keys(),
default='gzip'
)
),
supports_check_mode=False,
required_if = ([
('archive', True, ['archive_path'])
]),
)
if not HAS_LXC:
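Review bot: in the `archive_path` spec, removing `default='/tmp'` and adding `required_if` takes away the predictable default but does not stop a playbook from passing `/tmp` or another world-writable directory explicitly, so the symlink exposure named in the commit message remains for those callers unless the archive file itself is created safely. Consider checking the directory's ownership and mode before writing, or at least warning in the docs. This is also a behaviour change for playbooks that set `archive: true` and relied on the default, which deserves a changelog line. Style: `required_if = ([` has spaces around the keyword `=` and a redundant pair of parentheses around the list; `required_if=[('archive', True, ['archive_path'])],` matches the rest of the call.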