Bug 1099151
| Summary: | insecure temp files usage in gfs2 plugin | | |
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 5 | Reporter: | Bryn M. Reeves <bmr> |
| Component: | sos | Assignee: | Bryn M. Reeves <bmr> |
| Status: | CLOSED ERRATA | QA Contact: | David Kutálek <dkutalek> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | | |
| Version: | 5.11 | CC: | agk, bmr, dkutalek, gavin |
| Target Milestone: | rc | | |
| Target Release: | --- | | |
| Hardware: | Unspecified | | |
| OS: | Unspecified | | |
| Whiteboard: | | | |
| Fixed In Version: | sos-1.7-9.70.el5 | Doc Type: | Bug Fix |
| Doc Text: | no docs needed | Story Points: | --- |
| Clone Of: | | Environment: | |
| Last Closed: | 2014-09-16 00:31:51 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | | | |
--- sos-1.7/lib/sos/plugins/gfs2.py.orig 2014-05-19 10:30:39.000000000 -0400
+++ sos-1.7/lib/sos/plugins/gfs2.py 2014-05-19 10:53:17.000000000 -0400
@@ -20,6 +20,7 @@ import commands
import time
import libxml2
from time import time
+import tempfile
# libxml2 error handler
def noerr(ctx, str):
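Review bot: with the debugfs path now coming from `tempfile.mkdtemp()`, the context line `from time import time` has no remaining user in the code shown; if nothing else in the plugin calls `time()`, drop that import in the same change rather than leaving it dead.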
@@ -92,7 +93,7 @@ class gfs2(sos.plugintools.PluginBase):
#Get lock data
#Mount debug fs
- debugfsPath = "/tmp/debugfs" + str(time())
+ debugfsPath = tempfile.mkdtemp()
self.callExtProg("mkdir " + debugfsPath)
self.callExtProg("mount -t debugfs none " + debugfsPath)
#Iterate through filesystems
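Review bot: `tempfile.mkdtemp()` already creates the directory (mode 0700, under the default temp location), so the unchanged `self.callExtProg("mkdir " + debugfsPath)` on the following line is now redundant and will fail with "File exists"; remove it. The mount onto an unpredictable, freshly created directory is the right outcome; only the stale `mkdir` call is left over from the old fixed-path scheme.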
@@ -118,12 +119,15 @@ class gfs2(sos.plugintools.PluginBase):
#Get journal data
journalData = self.getJournalData(gfs2FileSystems)
- journalFile = open("/tmp/journalData", "w")
- for line in journalData:
- journalFile.write(line)
- journalFile.close()
- self.collectOutputNow("cat /tmp/journalData", "journal_data")
- self.callExtProg("rm -rf /tmp/journalData")
+ try:
+ journalFile = tempfile.NamedTemporaryFile(mode="w")
+ for line in journalData:
+ journalFile.write(line)
+ journalFile.flush()
+ self.collectOutputNow("cat %s" % journalFile.name, "journal_data")
+ journalFile.close()
+ except:
+ pass
def diagnose(self):
#GFS2 is only supported on RHEL 5.3 or above
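Review bot: the bare `except: pass` around the new block silently swallows every failure, including `NamedTemporaryFile` creation errors and writes failing on a full disk, so the report would simply lack `journal_data` with no trace of why. Narrow it to the exceptions actually expected (`IOError`, `OSError`) and log them, and move `journalFile.close()` into a `finally:` so the temporary file is still removed when `collectOutputNow` raises (with the default `delete=True`, close is what unlinks it).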
This request was evaluated by Red Hat Product Management for inclusion in a Red Hat Enterprise Linux release. Product Management has requested further review of this request by Red Hat Engineering, for potential inclusion in a Red Hat Enterprise Linux release for currently deployed products. This request is not yet committed for inclusion in a release.

Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHBA-2014-1200.html
Description of problem:
The GFS2 plugin contains two insecure temporary paths:

    debugfsPath = "/tmp/debugfs" + str(time())
    self.callExtProg("mkdir " + debugfsPath)
    self.callExtProg("mount -t debugfs none " + debugfsPath)
    ## What could possibly go wrong???
    #Unmount the filesystem
    self.callExtProg("umount " + debugfsPath)
    self.callExtProg("rm -rf " + debugfsPath)

And:

    #Get journal data
    journalData = self.getJournalData(gfs2FileSystems)
    journalFile = open("/tmp/journalData", "w")
    for line in journalData:
        journalFile.write(line)
    journalFile.close()
    self.collectOutputNow("cat /tmp/journalData", "journal_data")
    # I'm sure this is perfectly safe...
    self.callExtProg("rm -rf /tmp/journalData")

Fix these by using tempfile.* interfaces.

Version-Release number of selected component (if applicable):
1.7-9.69.el5

How reproducible:
100%

Steps to Reproduce:
1. ln -s / /tmp/journalData
2. sosreport -v --batch -o gfs2

Actual results:
Your root file system is now empty.

Expected results:
sos should not use predictable temporary paths

Additional info:
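To show why the reporter's reproduction works against the old code and not against the patched pattern, here is an added demonstration (example code written for this page, not part of sos). It runs entirely inside a throw-away directory of its own rather than /tmp: `write_journal_predictable` mirrors the old fixed-path `open()`, `write_journal_safe` mirrors the `tempfile` approach of the fix, and `run_demo` is a constructed harness that plants a symlink at the predictable name and reports whether the link's target was overwritten.

```python
import os
import tempfile

# Everything below happens under a private sandbox directory created by
# tempfile.TemporaryDirectory(), never under the real /tmp.  (Example code,
# not part of sos.)


def write_journal_predictable(tmp_root, lines):
    """Old pattern from the report: a fixed, guessable name opened with
    open(path, "w"), which follows whatever the path already points to."""
    path = os.path.join(tmp_root, "journalData")
    with open(path, "w") as journal_file:   # follows a pre-planted symlink
        for line in lines:
            journal_file.write(line)
    return path


def write_journal_safe(tmp_root, lines):
    """Pattern of the fix: tempfile picks an unpredictable name and creates
    it with O_CREAT|O_EXCL, so a pre-planted entry cannot be reused."""
    fd, path = tempfile.mkstemp(prefix="journalData.", dir=tmp_root)
    with os.fdopen(fd, "w") as journal_file:
        for line in lines:
            journal_file.write(line)
    return path


def run_demo(writer):
    """Return (victim_clobbered, output_is_symlink) for the given writer.

    'victim' stands in for the file the symlink in the report pointed at;
    the symlink is planted at the predictable name before the writer runs."""
    with tempfile.TemporaryDirectory() as sandbox:
        victim = os.path.join(sandbox, "victim")
        with open(victim, "w") as f:
            f.write("original contents\n")
        tmp_root = os.path.join(sandbox, "tmp")
        os.mkdir(tmp_root)
        os.symlink(victim, os.path.join(tmp_root, "journalData"))
        out = writer(tmp_root, ["journal line 1\n", "journal line 2\n"])
        with open(victim) as f:
            clobbered = f.read() != "original contents\n"
        return clobbered, os.path.islink(out)


if __name__ == "__main__":
    print("predictable path:", run_demo(write_journal_predictable))
    print("tempfile path:   ", run_demo(write_journal_safe))
```

With the predictable name the write lands in the victim file through the symlink; with `mkstemp` the new name never coincides with the planted entry and the victim is untouched.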