| 1 |
xmw 12/06/29 06:28:40 |
| 2 |
|
| 3 |
Added: bcfg2-1.2.2-CVE-2012-3366-Trigger-plugin.patch |
| 4 |
Log: |
| 5 |
Revbump to fix trigger plugin security problem (bug 424025) |
| 6 |
|
| 7 |
(Portage version: 2.1.11.3/cvs/Linux x86_64) |
| 8 |
|
| 9 |
Revision Changes Path |
| 10 |
1.1 app-admin/bcfg2/files/bcfg2-1.2.2-CVE-2012-3366-Trigger-plugin.patch |
| 11 |
|
| 12 |
file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/app-admin/bcfg2/files/bcfg2-1.2.2-CVE-2012-3366-Trigger-plugin.patch?rev=1.1&view=markup |
| 13 |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/app-admin/bcfg2/files/bcfg2-1.2.2-CVE-2012-3366-Trigger-plugin.patch?rev=1.1&content-type=text/plain |
| 14 |
|
| 15 |
Index: bcfg2-1.2.2-CVE-2012-3366-Trigger-plugin.patch |
| 16 |
=================================================================== |
| 17 |
Downloaded from http://trac.mcs.anl.gov/projects/bcfg2/changeset/a524967e8d5c4c22e49cd619aed20c87a316c0be/ |
| 18 |
|
| 19 |
Index: src/lib/Server/Plugins/Trigger.py |
| 20 |
=================================================================== |
| 21 |
--- src/lib/Server/Plugins/Trigger.py (revision bf5040f75e71e25af0b9b5c2a9c098c5933d4acc) |
| 22 |
+++ src/lib/Server/Plugins/Trigger.py (revision a524967e8d5c4c22e49cd619aed20c87a316c0be) |
| 23 |
@@ -1,16 +1,6 @@ |
| 24 |
import os |
| 25 |
+import pipes |
| 26 |
import Bcfg2.Server.Plugin |
| 27 |
- |
| 28 |
- |
| 29 |
-def async_run(prog, args): |
| 30 |
- pid = os.fork() |
| 31 |
- if pid: |
| 32 |
- os.waitpid(pid, 0) |
| 33 |
- else: |
| 34 |
- dpid = os.fork() |
| 35 |
- if not dpid: |
| 36 |
- os.system(" ".join([prog] + args)) |
| 37 |
- os._exit(0) |
| 38 |
- |
| 39 |
+from subprocess import Popen, PIPE |
| 40 |
|
| 41 |
class Trigger(Bcfg2.Server.Plugin.Plugin, |
| 42 |
@@ -31,8 +21,29 @@ |
| 43 |
raise Bcfg2.Server.Plugin.PluginInitError |
| 44 |
|
| 45 |
+ def async_run(self, args): |
| 46 |
+ pid = os.fork() |
| 47 |
+ if pid: |
| 48 |
+ os.waitpid(pid, 0) |
| 49 |
+ else: |
| 50 |
+ dpid = os.fork() |
| 51 |
+ if not dpid: |
| 52 |
+ self.debug_log("Running %s" % " ".join(pipes.quote(a) |
| 53 |
+ for a in args)) |
| 54 |
+ proc = Popen(args, stdin=PIPE, stdout=PIPE, stderr=PIPE) |
| 55 |
+ (out, err) = proc.communicate() |
| 56 |
+ rv = proc.wait() |
| 57 |
+ if rv != 0: |
| 58 |
+ self.logger.error("Trigger: Error running %s (%s): %s" % |
| 59 |
+ (args[0], rv, err)) |
| 60 |
+ elif err: |
| 61 |
+ self.debug_log("Trigger: Error: %s" % err) |
| 62 |
+ os._exit(0) |
| 63 |
+ |
| 64 |
def process_statistics(self, metadata, _): |
| 65 |
args = [metadata.hostname, '-p', metadata.profile, '-g', |
| 66 |
':'.join([g for g in metadata.groups])] |
| 67 |
+ self.debug_log("running triggers") |
| 68 |
for notifier in os.listdir(self.data): |
| 69 |
+ self.debug_log("running %s" % notifier) |
| 70 |
if ((notifier[-1] == '~') or |
| 71 |
(notifier[:2] == '.#') or |
| 72 |
@@ -40,5 +51,4 @@ |
| 73 |
(notifier in ['SCCS', '.svn', '4913'])): |
| 74 |
continue |
| 75 |
- npath = self.data + '/' + notifier |
| 76 |
- self.logger.debug("Running %s %s" % (npath, " ".join(args))) |
| 77 |
- async_run(npath, args) |
| 78 |
+ npath = os.path.join(self.data, notifier) |
| 79 |
+ self.async_run([npath] + args) |
Archives