Description of problem: The GFS2 plugin contains two insecure temporary paths: debugfsPath = "/tmp/debugfs" + str(time()) self.callExtProg("mkdir " + debugfsPath) self.callExtProg("mount -t debugfs none " + debugfsPath) ## What could possibly go wrong??? #Unmount the filesystem self.callExtProg("umount " + debugfsPath) self.callExtProg("rm -rf " + debugfsPath) And: #Get journal data journalData = self.getJournalData(gfs2FileSystems) journalFile = open("/tmp/journalData", "w") for line in journalData: journalFile.write(line) journalFile.close() self.collectOutputNow("cat /tmp/journalData", "journal_data") # I'm sure this is perfectly safe... self.callExtProg("rm -rf /tmp/journalData") Fix these by using tempfile.* interfaces. Version-Release number of selected component (if applicable): 1.7-9.69.el5 How reproducible: 100% Steps to Reproduce: 1. ln -s / /tmp/journalData 2. sosreport -v --batch -o gfs2 Actual results: Your root file system is now empty. Expected results: sos should not use predictable temporary paths. Both the journal file and the debugfs mount point are created at a fixed or guessable name in a world-writable directory by a process running as root, so any local user who plants a symlink or directory there first can redirect the open()/write, the mount and the rm -rf; temporary files and directories must come from tempfile (random name, created atomically with a restrictive mode) so a pre-planted /tmp entry cannot claim them. Additional info:
--- sos-1.7/lib/sos/plugins/gfs2.py.orig 2014-05-19 10:30:39.000000000 -0400
+++ sos-1.7/lib/sos/plugins/gfs2.py 2014-05-19 10:53:17.000000000 -0400
@@ -20,6 +20,7 @@ import commands
 import time
 import libxml2
 from time import time
+import tempfile
 # libxml2 error handler
 def noerr(ctx, str):
@@ -92,7 +93,7 @@ class gfs2(sos.plugintools.PluginBase):
         #Get lock data
         #Mount debug fs
-        debugfsPath = "/tmp/debugfs" + str(time())
+        debugfsPath = tempfile.mkdtemp()
         self.callExtProg("mkdir " + debugfsPath)
         self.callExtProg("mount -t debugfs none " + debugfsPath)
         #Iterate through filesystems
@@ -118,12 +119,15 @@ class gfs2(sos.plugintools.PluginBase):
         #Get journal data
         journalData = self.getJournalData(gfs2FileSystems)
-        journalFile = open("/tmp/journalData", "w")
-        for line in journalData:
-            journalFile.write(line)
-        journalFile.close()
-        self.collectOutputNow("cat /tmp/journalData", "journal_data")
-        self.callExtProg("rm -rf /tmp/journalData")
+        try:
+            journalFile = tempfile.NamedTemporaryFile(mode="w")
+            for line in journalData:
+                journalFile.write(line)
+            journalFile.flush()
+            self.collectOutputNow("cat %s" % journalFile.name, "journal_data")
+            journalFile.close()
+        except:
+            pass
     def diagnose(self):
         #GFS2 is only supported on RHEL 5.3 or above
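Review bot: `tempfile.mkdtemp()` already creates the directory (mode 0700, atomically), so the `self.callExtProg("mkdir " + debugfsPath)` kept on the next line will now always fail with EEXIST; if callExtProg discards the exit status it is only noise, but the line should be dropped rather than left as a misleading no-op. The random name is what actually fixes the old `"/tmp/debugfs" + str(time())` path, where a local user could pre-create a directory or symlink at the guessable name and have it receive the mount and, later, the `rm -rf`; that deserves a one-line comment, e.g. `# mkdtemp: random name, 0700, created atomically -- a pre-planted /tmp entry cannot claim the mount point`. Note that mkdtemp honours TMPDIR, so the mount point lands wherever the environment says, not necessarily under /tmp. The enclosing method, including the umount and `rm -rf` of this path, lies outside the hunk.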
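Review bot: The bare `except: pass` wrapping the new block swallows every failure from the write, the `cat` and `collectOutputNow`, so a report that ends up without `journal_data` leaves no trace of why, and `journalFile.close()` only runs on the success path. This is an el5 package, so the interpreter is presumably Python 2.4 and a `with` block is not available; a try/finally around the NamedTemporaryFile plus a narrowed `except (IOError, OSError), e:` keeps the best-effort behaviour without hiding the error. The temp path is still interpolated unquoted into a shell string in `"cat %s" % journalFile.name`; the random suffix is safe, but the prefix follows TMPDIR, so quoting the path before interpolation is cheap insurance if sosreport can inherit that variable from its caller. The enclosing method starts outside the hunk.
```python
        journalData = self.getJournalData(gfs2FileSystems)
        try:
            # NamedTemporaryFile: random name, O_EXCL, mode 0600, unlinked on
            # close() -- a pre-planted /tmp symlink can no longer redirect the
            # write, which is what the fixed "/tmp/journalData" path allowed.
            journalFile = tempfile.NamedTemporaryFile(mode="w")
            try:
                journalFile.writelines(journalData)
                journalFile.flush()
                self.collectOutputNow("cat %s" % journalFile.name, "journal_data")
            finally:
                journalFile.close()
        except (IOError, OSError), e:
            # best-effort collection, but record e through the plugin's logger
            # instead of silently producing a report with no journal_data
            pass
```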
This request was evaluated by Red Hat Product Management for inclusion in a Red Hat Enterprise Linux release. Product Management has requested further review of this request by Red Hat Engineering, for potential inclusion in a Red Hat Enterprise Linux release for currently deployed products. This request is not yet committed for inclusion in a release.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHBA-2014-1200.html