Skip to content
This repository has been archived by the owner on Jun 15, 2022. It is now read-only.

Poor use of /tmp needs to verify the integrity of downloaded archive #3

Closed
wants to merge 1 commit into from
Closed

Poor use of /tmp needs to verify the integrity of downloaded archive #3

wants to merge 1 commit into from

Conversation

codyro
Copy link

@codyro codyro commented Oct 31, 2011

Added basic user check for downloaded archive. Should have better checking / hash checking ultimately. Bug report submitted via Help Desk.

@cloudflare
Copy link
Collaborator

Thanks a lot for the bug report. I've pushed a new version of the
cpanel package to correct (23912f3).
Let me know what you think.

Cheers,

Ian

On Mon, Oct 31, 2011 at 9:40 AM, Cody Robertson
reply@reply.github.com
wrote:

Added basic user check for downloaded archive. Should have better checking / hash checking ultimately. Bug report submitted via Help Desk.

You can merge this Pull Request by running:

 git pull https://github.com/codyro/CloudFlare-CPanel master

Or you can view, comment on it, or merge it online at:

 #3

-- Commit Summary --

  • Added basic user check for downloaded archive. Should have better checking / hash checking

-- File Changes --

M cloudflare/bin/cloudflare_update.sh (6)

-- Patch Links --

 https://github.com/cloudflare/CloudFlare-CPanel/pull/3.patch
 https://github.com/cloudflare/CloudFlare-CPanel/pull/3.diff

Reply to this email directly or view it on GitHub:
#3

@codyro
Copy link
Author

codyro commented Nov 1, 2011

That should work fine although there is some goofy stuff in there. I don't see the point of downloading the tarball to a temp directory then moving it to a non-random folder (/usr/local/cpanel/cloudflare_tmp). It should stay in the temp directory throughout the whole process? I can only imagine this was done to bypass noexec?

@cloudflare
Copy link
Collaborator

On Tue, Nov 1, 2011 at 9:33 AM, Cody Robertson
reply@reply.github.com
wrote:

That should work fine although there is some goofy stuff in there. I don't see the point of downloading the tarball to a temp directory then moving it to a non-random folder (/usr/local/cpanel/cloudflare_tmp). It should stay in the temp directory throughout the whole process? I can only imagine this was done to bypass noexec?

Exactly -- bypassing noexec on /tmp.

Reply to this email directly or view it on GitHub:
#3 (comment)

@codyro
Copy link
Author

codyro commented Nov 1, 2011

That makes sense. I'm not familiar with perl although I suspect with the tempdir() function you could probably just create a temporary directory in /usr/local/cpanel from the start instead of relying on any static folders / shuffling stuff around. Reduces the complexity slightly without changing the logic at all.

Closing this issue however as it appears to be fixed. Just nit picking at this point :).

@codyro codyro closed this Nov 1, 2011
@cloudflare
Copy link
Collaborator

On Tue, Nov 1, 2011 at 1:01 PM, Cody Robertson
reply@reply.github.com
wrote:

That makes sense. I'm not familiar with perl although I suspect with the tempdir() function you could probably just create a temporary directory in /usr/local/cpanel from the start instead of relying on any static folders / shuffling stuff around. Reduces the complexity slightly without changing the logic at all.

Closing this issue however as it appears to be fixed. Just nit picking at this point :).

Agreed, the code base could stand to be cleaned up a bit ;). This is
what users are for.

Reply to this email directly or view it on GitHub:
#3 (comment)

@dzamanakos dzamanakos mentioned this pull request Apr 20, 2018
Closed
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@codyro @cloudflare