
Safely create tmp dir for the Nodes certificate (CVE-2016-3108). #2528

Closed
wants to merge 1 commit into from

@bowlofeggs
Contributor

commented Apr 13, 2016

Security researcher Sander Bos contacted the Pulp team to notify us
that the pulp-gen-nodes-certificate script suffers from the same
exploit as was found in CVE-2016-3095, namely that the $TMP
directory that contains the Nodes private key was created in an
unsafe manner. This commit contains his proposed patch, using
mktemp -d to safely create the directory.

Additionally, I added a set -e so that the script would exit upon
error.

Thanks to Sander Bos for taking the time to carefully inspect the
Pulp codebase and for writing a wonderfully detailed report
describing the issue and the fix for it.

Credit also goes to Jeremy Cline (Red Hat) for independently
reporting this issue.

https://pulp.plan.io/issues/1830

fixes #1830
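The pattern the PR describes, as an added example that is not Pulp's pulp-gen-nodes-certificate script: mktemp -d creates the key directory atomically with mode 0700 (so a pre-created or symlinked path cannot be reused), set -e stops the script on the first failing command, and a check function verifies the directory before any key material is written into it. The template name nodes-cert.XXXXXXXX, the helper names and the dummy key contents are assumptions.

```shell
#!/bin/sh
# Added example, not Pulp's pulp-gen-nodes-certificate script: create a
# private temporary directory for key material the way the fix describes.
set -e   # as the PR adds: abort on the first failing command

# Create a fresh, unpredictable directory and print its path.
# mktemp -d creates it atomically with mode 0700 and fails if the name
# already exists, so a pre-created or symlinked path cannot be reused.
make_private_tmpdir() {
    mktemp -d "${TMPDIR:-/tmp}/nodes-cert.XXXXXXXX"
}

# Succeed only if the path is a real directory (not a symlink), owned by
# the caller, and closed to group and others (mode 0700).
check_private_tmpdir() {
    dir=$1
    [ -d "$dir" ] || return 1
    [ ! -L "$dir" ] || return 1
    [ -O "$dir" ] || return 1
    mode=$(stat -c '%a' "$dir" 2>/dev/null || stat -f '%Lp' "$dir")
    [ "$mode" = "700" ]
}

# Write a constructed dummy private key into the directory with mode 0600.
write_key() {
    dir=$1
    umask 077
    printf '%s\n' '-----BEGIN PRIVATE KEY-----' \
        'constructed-dummy-key-material' \
        '-----END PRIVATE KEY-----' > "$dir/node.key"
    [ -f "$dir/node.key" ]
}

# Remove the directory (and the key) when the script exits, however it exits.
cleanup() {
    if [ -n "${TMP:-}" ]; then rm -rf "$TMP"; fi
}

main() {
    TMP=$(make_private_tmpdir)
    trap cleanup EXIT
    check_private_tmpdir "$TMP"
    write_key "$TMP"
    echo "key stored in $TMP/node.key"
}

main
```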

@bowlofeggs bowlofeggs added the bugfix label Apr 13, 2016

Safely create tmp dir for the Nodes certificate (CVE-2016-3108).

@bowlofeggs bowlofeggs force-pushed the bowlofeggs:1830 branch from 82f06b6 to 8f38e89 Apr 13, 2016

@bowlofeggs

Contributor Author

commented Apr 13, 2016

Moved to #2533 so it would be against the 2.8-dev branch.

@bowlofeggs bowlofeggs closed this Apr 13, 2016

@bowlofeggs bowlofeggs deleted the bowlofeggs:1830 branch Apr 18, 2016
