Temporary file vulnerability in euca_conf

Bug #424459 reported by Colin Watson on 2009-09-04
Affects: eucalyptus (Ubuntu); Importance: Low; Assigned to: Colin Watson
Affects: Karmic; Importance: Low; Assigned to: Colin Watson

Bug Description

euca_conf handles its temporary files insecurely:

# 3 parameters: the file, the variable name, the new value
change_var_value () {
        check_and_backup $1
        cp $1 /tmp/euca-tmp.$$
        sed "s<^[[:blank:]#]*\(${2}\).*<\1=\"${3}\"<" /tmp/euca-tmp.$$ > $1
        rm -f /tmp/euca-tmp.$$
}
# comment lines matching $2 ($1 is the file)
comment () {
        check_and_backup $1
        cp $1 /tmp/euca-tmp.$$
        sed "s<^[[:blank:]]*\(${2}.*\)<#\1<" /tmp/euca-tmp.$$ > $1
        rm -f /tmp/euca-tmp.$$
}
# uncomment lines matching $2 ($1 is the file)
uncomment () {
        check_and_backup $1
        cp $1 /tmp/euca-tmp.$$
        sed "s<^[#[:blank:]]*\(${2}.*\)<\1<" /tmp/euca-tmp.$$ > $1
        rm -f /tmp/euca-tmp.$$
}

Changed in eucalyptus (Ubuntu):
status: New → Confirmed
Kees Cook (kees) on 2009-09-08
Changed in eucalyptus (Ubuntu):
importance: Undecided → Low
Kees Cook (kees) on 2009-09-10
visibility: private → public
Changed in eucalyptus (Ubuntu):
milestone: none → karmic-alpha-6
assignee: nobody → Soren Hansen (soren)
status: Confirmed → Triaged
Colin Watson (cjwatson) on 2009-09-11
Changed in eucalyptus (Ubuntu Karmic):
assignee: Soren Hansen (soren) → Colin Watson (cjwatson)
status: Triaged → Fix Committed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package eucalyptus - 1.6~bzr672-0ubuntu3

---------------
eucalyptus (1.6~bzr672-0ubuntu3) karmic; urgency=low

  [ Colin Watson ]
  * Add euca_conf --discover-nodes option.
  * Register cluster with local cloud in start as well as cleanstart.
  * SECURITY UPDATE: Fix temporary file vulnerability in euca_conf by using
    'sed -i' (LP: #424459).

  [ Soren Hansen ]
  * Only ship antlr.jar in eucalyptus-java-common. (LP: #429086)

 -- Soren Hansen <email address hidden> Mon, 14 Sep 2009 12:59:40 +0200

Changed in eucalyptus (Ubuntu Karmic):
status: Fix Committed → Fix Released
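
The fix named in the changelog above ('sed -i'), sketched as an added example; this is not the eucalyptus project's or the reporter's code. It assumes GNU sed, the body of check_and_backup is a hypothetical stand-in (the real one is not shown in this report), and the sample config values are constructed.

```shell
#!/bin/sh
# GNU sed -i writes its scratch copy into the target file's own directory
# (root-owned for a system config) and renames it into place, so no
# predictable name in world-writable /tmp is ever opened or followed.

# Hypothetical stand-in: the real check_and_backup is not shown in the report.
check_and_backup () {
        [ -f "$1" ] && [ -w "$1" ] || return 1
        [ -e "$1.bak" ] || cp -p -- "$1" "$1.bak"   # backup name is an assumption
}

# 3 parameters: the file, the variable name, the new value
change_var_value () {
        check_and_backup "$1" || return 1
        sed -i "s<^[[:blank:]#]*\(${2}\).*<\1=\"${3}\"<" "$1"
}

# comment lines matching $2 ($1 is the file)
comment () {
        check_and_backup "$1" || return 1
        sed -i "s<^[[:blank:]]*\(${2}.*\)<#\1<" "$1"
}

# uncomment lines matching $2 ($1 is the file)
uncomment () {
        check_and_backup "$1" || return 1
        sed -i "s<^[#[:blank:]]*\(${2}.*\)<\1<" "$1"
}

# Constructed demo: run the helpers on a sample config inside a private
# directory (mktemp -d creates it mode 0700 with an unpredictable name).
demo () {
        dir=$(mktemp -d) || return 1
        conf="$dir/sample.conf"
        printf '%s\n' '#CLOUD_PORT="1234"' 'NODES="a b"' > "$conf"
        change_var_value "$conf" CLOUD_PORT 8773
        comment "$conf" NODES
        cat "$conf"
        rm -rf -- "$dir"
}
```

Where in-place editing is not available, a scratch file created with mktemp in the target's directory and renamed over the original gives the same property.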
This report contains Public Security information
Everyone can see this security related information.