trove/guestagent/volume.py:
    def write_to_fstab(self):
        fstab_line = ("%s\t%s\t%s\t%s\t0\t0" %
                      (self.device_path, self.mount_point, self.volume_fstype,
                       self.mount_options))
        LOG.debug("Writing new line to fstab:%s" % fstab_line)
        utils.execute("sudo", "cp", "/etc/fstab", "/etc/fstab.orig")
        utils.execute("sudo", "cp", "/etc/fstab", "/tmp/newfstab")
        utils.execute("sudo", "chmod", "666", "/tmp/newfstab")
        with open("/tmp/newfstab", 'a') as new_fstab:
            new_fstab.write("\n" + fstab_line)
        utils.execute("sudo", "chmod", "640", "/tmp/newfstab")
        utils.execute("sudo", "mv", "/tmp/newfstab", "/etc/fstab")

There are multiple problems with this approach:
- /tmp/newfstab is a predictable file name in a world-writable directory
- the chmod 666 is racy, other competing processes can update the file in between
- no locking against concurrency
Trove has not been released as part of OpenStack yet so we won't issue an OSSA for this... but this needs to be fixed.
I think making this public is fine, should make the fix easier and faster. Thoughts?
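
One way to avoid the three problems listed in the report, shown as an added example that is not Trove's code or its eventual fix. The function name `append_line_atomically` and the `.lock` file path are hypothetical, and the sketch assumes the caller may write to the target's directory (for /etc/fstab that means the privileged side does this work).

```python
import fcntl
import os
import tempfile


def append_line_atomically(target, line, lock_path=None):
    """Append `line` to `target` with no predictable or world-writable copy."""
    target = os.path.abspath(target)
    directory = os.path.dirname(target)
    lock_path = lock_path or target + ".lock"  # hypothetical lock-file convention

    # Serialize concurrent writers: one process rewrites the file at a time.
    lock_fd = os.open(lock_path, os.O_RDWR | os.O_CREAT, 0o600)
    try:
        fcntl.flock(lock_fd, fcntl.LOCK_EX)
        with open(target, "r") as current:
            content = current.read()
        if content and not content.endswith("\n"):
            content += "\n"
        mode = os.stat(target).st_mode & 0o777  # keep the original permissions

        # mkstemp picks a random name and opens it with O_CREAT|O_EXCL and
        # mode 0600, so a pre-planted file or symlink is never followed and
        # no other user can write to the copy at any point.
        tmp_fd, tmp_path = tempfile.mkstemp(prefix=".fstab.", dir=directory)
        try:
            with os.fdopen(tmp_fd, "w") as tmp:
                tmp.write(content + line + "\n")
                tmp.flush()
                os.fsync(tmp.fileno())
                os.fchmod(tmp.fileno(), mode)
            os.replace(tmp_path, target)  # atomic rename on one filesystem
        except BaseException:
            os.unlink(tmp_path)  # never leave a partial copy behind
            raise
    finally:
        os.close(lock_fd)  # closing the descriptor releases the flock
```

Readers of the target see either the old file or the complete new one, never a half-written copy.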