Skip to content
This repository has been archived by the owner on Oct 30, 2018. It is now read-only.

do not use a predictable filenames in the LXC plugin #1941

Merged
merged 1 commit into from Apr 2, 2016
Merged

do not use a predictable filenames in the LXC plugin #1941

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
CVE-2016-3096: do not use predictable paths in lxc_container 
* do not use a predictable filename for the LXC attach script
* don't use predictable filenames for LXC attach script logging
* don't set a predictable archive_path

this should prevent symlink attacks which could result in
* data corruption
* data leakage
* privilege escalation
  • Loading branch information
@evgeni
evgeni committed Apr 2, 2016
commit 8c6fe646ee79f5e55361b885b7efed5bec72d4a4
22 changes: 8 additions & 14 deletions cloud/lxc/lxc_container.py
View file
Open in desktop
Expand Up @@ -144,7 +144,7 @@
description:
- Path the save the archived container. If the path does not exist
the archive method will attempt to create it.
default: /tmp
default: null
archive_compression:
choices:
- gzip
Expand Down Expand Up @@ -557,13 +557,8 @@ def create_script(command):
import subprocess
import tempfile

# Ensure that the directory /opt exists.
if not path.isdir('/opt'):
os.mkdir('/opt')

# Create the script.
script_file = path.join('/opt', '.lxc-attach-script')
f = open(script_file, 'wb')
(fd, script_file) = tempfile.mkstemp(prefix='lxc-attach-script')
f = os.fdopen(fd, 'wb')
try:
f.write(ATTACH_TEMPLATE % {'container_command': command})
f.flush()
Expand All @@ -573,14 +568,11 @@ def create_script(command):
# Ensure the script is executable.
os.chmod(script_file, 0700)

# Get temporary directory.
tempdir = tempfile.gettempdir()

# Output log file.
stdout_file = open(path.join(tempdir, 'lxc-attach-script.log'), 'ab')
stdout_file = os.fdopen(tempfile.mkstemp(prefix='lxc-attach-script-log')[0], 'ab')

# Error log file.
stderr_file = open(path.join(tempdir, 'lxc-attach-script.err'), 'ab')
stderr_file = os.fdopen(tempfile.mkstemp(prefix='lxc-attach-script-err')[0], 'ab')

# Execute the script command.
try:
Expand Down Expand Up @@ -1747,14 +1739,16 @@ def main():
),
archive_path=dict(
type='str',
default='/tmp'
),
archive_compression=dict(
choices=LXC_COMPRESSION_MAP.keys(),
default='gzip'
)
),
supports_check_mode=False,
required_if = ([
('archive', True, ['archive_path'])
]),
)

if not HAS_LXC:
Expand Down