Bug 495946 - Snippets editor ISEs when trying to save a new or existing snippet
Snippets editor ISEs when trying to save a new or existing snippet
Product: Red Hat Satellite 5
Classification: Red Hat
Component: WebUI (Show other bugs)
All Linux
urgent Severity high
: ---
: ---
Assigned To: Partha Aji
Steve Salevan
Depends On:
Blocks: 457075
  Show dependency treegraph
Reported: 2009-04-15 12:48 EDT by Mike McCune
Modified: 2009-09-10 15:25 EDT (History)
3 users (show)

See Also:
Fixed In Version: sat530
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2009-09-10 15:25:12 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Mike McCune 2009-04-15 12:48:21 EDT
* Login
* Systems
* Kickstarts
* Snippets
* create new snippet
* Try to save it:

2009-04-15 12:47:54,693 [TP-Processor1] ERROR org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/rhn].[action] - Servlet.service() for servlet action threw exception
java.io.FileNotFoundException: /var/lib/cobbler/snippets/bloop (Permission denied)
Comment 1 Partha Aji 2009-04-20 17:40:30 EDT
This issue should now be resolved... as off.

Following changes were made..

1) A new spacewalk subdirectory was added to /var/lib/cobbler/snippets which will host all the spacewalk specific snippets..

2) /var/lib/cobbler/snippets/spacewalk/org.id will host snippets specfic to that org.

3) A user without root access to the actual box will be only able to update scripts

or snippets listed under /var/lib/cobbler/snippets/spacewalk/org.id

4) All other snippets under /var/lib/cobbler/snippets  other than snippets under /var/lib/cobbler/snippets/spacewalk will be Read Only  to config admins of all orgs... (readable through the UI that is...)

5) The snippets are only one level deep.  as in /var/lib/cobbler/snippets/spacewalk/org.id/snippet_name
One cannot now generate snippets that look like /var/lib/cobbler/snippets/spacewalk/org.id/my_dir/snippet_name

This was done to prevent issues like /var/lib/cobbler/snippets/spacewalk/org.id/../../../../tmp/xyz...
leaving security holes like that..
Comment 2 Partha Aji 2009-04-22 13:42:06 EDT
moving to On_QA
Comment 4 Partha Aji 2009-05-20 10:23:55 EDT
Moving to ON_QA
Comment 5 Steve Salevan 2009-06-01 12:04:20 EDT
Moving to VERIFIED, tested on 5/29 build.
Comment 6 John Matthews 2009-07-28 15:05:48 EDT

Able to create a snippet and save it.
Added it to kickstart profile by putting it as a script and clicking "template"
Verified the snippet shows up in the kickstrt file

ISO: Satellite-5.3.0-RHEL4-re20090724.0-s390x.iso
Comment 7 Brandon Perkins 2009-09-10 15:25:12 EDT
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.


Note You need to log in before you can comment on or make changes to this bug.