uses unsafe /tmp files
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
eucalyptus (Ubuntu) |
Fix Released
|
High
|
Dustin Kirkland | ||
Karmic |
Fix Released
|
High
|
Dustin Kirkland |
Bug Description
Split from bug 436977; in some places, eucalyptus uses unsafe /tmp files:
./gatherlog/
./install-sh: tmpdir=
./storage/
./storage/
./storage/
./storage/
./storage/
./storage/
./cluster/
./tools/
./tools/
./tools/
./node/
./debian/
ProblemType: Bug
Architecture: amd64
Date: Tue Oct 6 20:09:05 2009
DistroRelease: Ubuntu 9.10
Package: eucalyptus-common (not installed)
ProcEnviron:
LANGUAGE=
PATH=(custom, user)
LANG=en_US.UTF-8
SHELL=/bin/bash
ProcVersionSign
SourcePackage: eucalyptus
Uname: Linux 2.6.31-11-generic x86_64
Changed in eucalyptus (Ubuntu): | |
importance: | Undecided → High |
status: | New → Triaged |
visibility: | private → public |
Changed in eucalyptus (Ubuntu Karmic): | |
milestone: | none → ubuntu-9.10 |
tags: | added: eucalyptus |
Changed in eucalyptus (Ubuntu Karmic): | |
assignee: | nobody → Thierry Carrez (ttx) |
Changed in eucalyptus (Ubuntu Karmic): | |
assignee: | Thierry Carrez (ttx) → Kees Cook (kees) |
status: | Triaged → In Progress |
Changed in eucalyptus (Ubuntu Karmic): | |
assignee: | Kees Cook (kees) → Dustin Kirkland (kirkland) |
Greetings,
We've analyzed the points in the source tree that are referenced, and have found that none of them are actually exercised in a Karmic default eucalyptus running system. More detail on each follows:
GLclient is a testing utility that doesn't get installed by the package (or a 'make install' for that matter) GLclient. c: env = axutil_ env_create_ all("/tmp/ fooh", AXIS2_LOG_ LEVEL_TRACE) ;
./gatherlog/
install-sh is only used for building eucalyptus ${TMPDIR- /tmp}/ins$ RANDOM- $$
./install-sh: tmpdir=
the function in 'storage.c' that uses these files is only used by 'test.c' in 'storage/', which is a utility that is never installed storage. c:#define F1 "/tmp/improbabl e-cache- file-1" storage. c:#define F2 "/tmp/improbabl e-cache- file-2" storage. c:#define F3 "/tmp/improbabl e-cache- file-3" storage. c:#define F4 "/tmp/improbabl e-cache- file-4" storage. c:#define F5 "/tmp/improbabl e-cache- file-5" storage. c:#define RM_CMD "rm -rf /tmp/improbable -cache- file-?"
./storage/
./storage/
./storage/
./storage/
./storage/
./storage/
CCclient is a debugging utility that is not installed CCclient. c: env = axutil_ env_create_ all("/tmp/ fofo", AXIS2_LOG_ LEVEL_TRACE) ;
./cluster/
These two are never used for Karmic by default (which uses the handlers_kvm.c), unless a user installs Xen on their node controllers. The first can be entirely removed (is just there for debugging). The second is actually, I believe, as unpredictable or more so than a file created with mktemp(). Eucalyptus instanceIds are random unique ids of 8 hex characters ("i-ABCDEFGH" where A-H are hex values). detach. pl:system( "cp $virshxmlfile /tmp/wtf"); handlers_ xen.c: snprintf(filename, 1024, "/tmp/consoleOu tput.%s" , instanceId);
./tools/
./node/
The httpd*.conf that ends up actually being used has this value set to '/' instead of '/tmp'. The init script(s) actually replace this with '/'. patches/ var_lib_ eucalyptus. diff: HTTPD_HOME="/tmp/" httpd.conf: ServerRoot "/tmp"
./debian/
./tools/
This tool is never installed. euca_watchdog. pl:our $chkpt_file = "/tmp/euca_ watchdog. checkpoint" ;
./tools/