This series of patches improves the 'file' type to be more careful, and secure, when it comes to handling files.
By switching to the standard 'tempfile' class shipped with puppet, rather than reinventing that, we automatically use platform security tools like O_EXCL on open. This eliminates a TOCTOU race in puppet which could potentially result in arbitrary files being overwritten by hostile users on Unix platforms supporting the option (and, presumably, on Win32 also).

We also use the same path for every file operation, which is to write, flush to disk, then atomically replace the target file. This helps assure us that we have either the old file or the new file after a crash, and never a half-way state.

Finally, set file properties correctly before we consider the file ready to replace the target. This ensures that there is no window in which the target file will have incorrect modes, ownership, or SELinux security labels. A final recheck of those permissions is still performed to verify this after the rename has been committed.
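The write sequence described above (exclusive temp file, write, flush to disk, set properties, atomic rename, recheck), as an added illustration in Ruby. This is not Puppet's own code; `atomic_replace`, its `mode:` keyword and the recheck are assumptions made for the example, and ownership/SELinux labelling is left out because it needs privileges the example does not assume.

```ruby
require 'tempfile'

# Added example, not Puppet code: replace +target+ with +content+ so that an
# observer only ever sees the complete old file or the complete new file.
# Tempfile opens its file with O_CREAT|O_EXCL and mode 0600, so a path an
# unprivileged user pre-created or symlinked cannot be reused (the TOCTOU
# race the text describes). The temp file is created in the target's own
# directory so the final rename stays on one filesystem and is atomic.
def atomic_replace(target, content, mode: 0644)
  dir = File.dirname(File.expand_path(target))
  tmp = Tempfile.new(File.basename(target), dir)
  begin
    tmp.binmode
    tmp.write(content)
    tmp.flush
    tmp.fsync                    # data reaches disk before the rename is committed
    File.chmod(mode, tmp.path)   # set properties while the file is still private;
                                 # chown / SELinux relabel would go here too
    tmp.close
    File.rename(tmp.path, target)  # atomic on POSIX: old file or new file, never half-way
  rescue => e
    tmp.close!                   # close and unlink the private temp file on any failure
    raise e
  end
  # Final recheck of the properties after the rename has been committed.
  st = File.stat(target)
  raise "mode #{'%o' % (st.mode & 07777)} != #{'%o' % mode} after rename" unless (st.mode & 07777) == mode
  st
end
```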
