495946 – Snippets editor ISEs when trying to save a new or existing snippet

Bug 495946 - Snippets editor ISEs when trying to save a new or existing snippet

Summary: Snippets editor ISEs when trying to save a new or existing snippet

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	Red Hat Satellite 5
Classification:	Red Hat
Component:	WebUI
Sub Component:
Version:	530
Hardware:	All
OS:	Linux
Priority:	urgent
Severity:	high
Target Milestone:	---
Assignee:	Partha Aji
QA Contact:	Steve Salevan
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	457075
TreeView+	depends on / blocked

Reported:	2009-04-15 16:48 UTC by Mike McCune
Modified:	2009-09-10 19:25 UTC (History)
CC List:	3 users (show)
Fixed In Version:	sat530
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2009-09-10 19:25:12 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Description Mike McCune 2009-04-15 16:48:21 UTC

* Login
* Systems
* Kickstarts
* Snippets
* create new snippet
* Try to save it:

2009-04-15 12:47:54,693 [TP-Processor1] ERROR org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/rhn].[action] - Servlet.service() for servlet action threw exception
java.io.FileNotFoundException: /var/lib/cobbler/snippets/bloop (Permission denied)

Comment 1 Partha Aji 2009-04-20 21:40:30 UTC

This issue should now be resolved... as off.
http://git.fedorahosted.org/git/spacewalk.git?p=spacewalk.git;a=commit;h=b7f234e5fd5f425ceccf40bcd9a9f8948f3b5f64

Following changes were made..

1) A new spacewalk subdirectory was added to /var/lib/cobbler/snippets which will host all the spacewalk specific snippets..

2) /var/lib/cobbler/snippets/spacewalk/org.id will host snippets specfic to that org.

3) A user without root access to the actual box will be only able to update scripts

or snippets listed under /var/lib/cobbler/snippets/spacewalk/org.id

4) All other snippets under /var/lib/cobbler/snippets  other than snippets under /var/lib/cobbler/snippets/spacewalk will be Read Only  to config admins of all orgs... (readable through the UI that is...)

5) The snippets are only one level deep.  as in /var/lib/cobbler/snippets/spacewalk/org.id/snippet_name
One cannot now generate snippets that look like /var/lib/cobbler/snippets/spacewalk/org.id/my_dir/snippet_name

This was done to prevent issues like /var/lib/cobbler/snippets/spacewalk/org.id/../../../../tmp/xyz...
leaving security holes like that..

Comment 2 Partha Aji 2009-04-22 17:42:06 UTC

moving to On_QA

Comment 4 Partha Aji 2009-05-20 14:23:55 UTC

Moving to ON_QA

Comment 5 Steve Salevan 2009-06-01 16:04:20 UTC

Moving to VERIFIED, tested on 5/29 build.

Comment 6 John Matthews 2009-07-28 19:05:48 UTC

Moving to RELEASE_PENDING


Able to create a snippet and save it.
Added it to kickstart profile by putting it as a script and clicking "template"
Verified the snippet shows up in the kickstrt file

ISO: Satellite-5.3.0-RHEL4-re20090724.0-s390x.iso

Comment 7 Brandon Perkins 2009-09-10 19:25:12 UTC

An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHEA-2009-1434.html

Note You need to log in before you can comment on or make changes to this bug.