Issue #9794 has been updated by Daniel Pittman.

This was pleasantly easy to patch, because we already had a helper in place for 
secure writes.  Just use that instead, and everything works.  Bam.
----------------------------------------
Bug #9794: `k5login` type can overwrite arbitrary files as root
https://projects.puppetlabs.com/issues/9794

Author: Daniel Pittman
Status: Accepted
Priority: Immediate
Assignee: Daniel Pittman
Category: security
Target version: 
Affected Puppet version: 
Keywords: 
Branch: 


The `k5login` type is typically used to manage a file in the home directory of 
a user; the explicit purpose of the files is to allow access to other users.

It writes to the target file directly, as root, without doing anything to 
secure the file.  That would allow the owner of the home directory to symlink 
to anything on the system, and have it replaced with the "correct" content of 
the file.  Which is a fairly obvious escalation to root the next time Puppet 
runs.


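The behaviour the report describes, as an added example (not Puppet's code and not the secure-write helper mentioned above): a direct write follows a symlink planted at the managed path, while a write-to-temp-then-rename replaces the link itself. The method names `direct_write`, `replace_write` and `demo`, and the scratch-directory layout, are hypothetical.

```ruby
require 'tmpdir'
require 'tempfile'

# Behaviour described in the report: open the path and write. open(2) follows
# a symlink at the final path component, so the link's target is truncated.
def direct_write(path, content)
  File.open(path, 'w') { |f| f.write(content) }
end

# Hypothetical hardened write: create a fresh temp file in the same directory
# (Tempfile opens with O_CREAT|O_EXCL, so it never reuses an existing name),
# then rename(2) it over the path. rename replaces the directory entry itself,
# so a symlink planted at `path` is replaced, not followed.
def replace_write(path, content, mode = 0o600)
  tmp = Tempfile.create(['.k5login', '.tmp'], File.dirname(path))
  begin
    tmp.write(content)
    tmp.fsync
    tmp.chmod(mode)
    tmp.close
    File.rename(tmp.path, path)
  rescue StandardError
    tmp.close unless tmp.closed?
    File.unlink(tmp.path) if File.exist?(tmp.path)
    raise
  end
end

# Constructed scenario in a scratch directory: `home/.k5login` is a symlink
# to `protected`, a stand-in for a file the home owner must not control.
def demo(writer)
  Dir.mktmpdir do |dir|
    home = File.join(dir, 'home')
    Dir.mkdir(home)
    protected_file = File.join(dir, 'protected')
    File.write(protected_file, "original\n")
    link = File.join(home, '.k5login')
    File.symlink(protected_file, link)
    send(writer, link, "alice@EXAMPLE.COM\n")
    { protected: File.read(protected_file),
      managed: File.read(link),
      still_symlink: File.symlink?(link) }
  end
end

if __FILE__ == $PROGRAM_NAME
  p demo(:direct_write)
  p demo(:replace_write)
end
```

The rename only protects the final path component; the directory containing the file is still owned by the user, so a complete fix also has to consider who controls the parent path.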