maas-import-pxe-files sources path-relative config

Bug #1158425 reported by dann frazier on 2013-03-21
This bug affects 2 people
Affects | Status | Importance | Assigned to | Milestone
MAAS | Status tracked in Trunk | | |
1.2 | | Critical | Julian Edwards |
1.3 | | Critical | Julian Edwards |
Trunk | | Critical | Julian Edwards |

Bug Description

From /usr/sbin/maas-import-pxe-files:

# Load settings if available.
settings="/etc/maas/import_pxe_files"
[ -r $settings ] && . $settings
local_settings="$(pwd)/$settings"
[ -r $local_settings ] && . $local_settings

Consider what would happen if the admin runs this from /tmp and an unprivileged user has created their own /tmp/etc/maas/import_pxe_files file.
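
A hardened variant of the loader quoted in the description, added here as an example; it is not MAAS code and not the fix that was released. The function names and the ownership policy (absolute path, expected owner, no group or world write bit) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not MAAS code: function names and the ownership policy
# are assumptions made for illustration.

# Print the paths the quoted loader tries to source when run from dir $1.
legacy_candidates() {
    settings="/etc/maas/import_pxe_files"
    printf '%s\n' "$settings" "$1/$settings"
}

# Succeed only if $1 is an absolute path to a regular, non-symlink file
# owned by uid $2 (default 0, root) with no group/other write bit.
is_trusted_config() {
    file=$1
    want_uid=${2:-0}
    case $file in
        /*) ;;
        *) return 1 ;;          # never resolve against the caller's cwd
    esac
    [ -f "$file" ] || return 1
    [ ! -L "$file" ] || return 1
    # ls -ldn prints "<mode> <links> <uid> ..." with a numeric owner.
    meta=$(ls -ldn "$file") || return 1
    read -r perms links owner rest <<EOF
$meta
EOF
    [ "$owner" = "$want_uid" ] || return 1
    case $perms in
        ?????w*|????????w*) return 1 ;;   # group- or world-writable
    esac
    return 0
}

# Source $1 only when it passes the checks above.
load_settings() {
    is_trusted_config "$1" "${2:-0}" || return 1
    . "$1"
}
```

The check covers the file itself; the directories above it must likewise be writable only by the trusted owner, otherwise the file can be swapped between the check and the `.` command.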

Changed in maas:
status: New → Triaged
importance: Undecided → Critical
Marc Deslauriers (mdeslaur) wrote :

This is CVE-2013-1057

information type: Private Security → Public
Changed in maas:
status: Fix Committed → Fix Released