xmw 12/06/29 06:28:40 |
|
Added: bcfg2-1.2.2-CVE-2012-3366-Trigger-plugin.patch |
Log: |
Revbump to fix trigger plugin security problem (bug 424025) |
|
(Portage version: 2.1.11.3/cvs/Linux x86_64) |
|
Revision Changes Path |
1.1 app-admin/bcfg2/files/bcfg2-1.2.2-CVE-2012-3366-Trigger-plugin.patch |
|
file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/app-admin/bcfg2/files/bcfg2-1.2.2-CVE-2012-3366-Trigger-plugin.patch?rev=1.1&view=markup |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/app-admin/bcfg2/files/bcfg2-1.2.2-CVE-2012-3366-Trigger-plugin.patch?rev=1.1&content-type=text/plain |
|
Index: bcfg2-1.2.2-CVE-2012-3366-Trigger-plugin.patch |
=================================================================== |
Downloaded from http://trac.mcs.anl.gov/projects/bcfg2/changeset/a524967e8d5c4c22e49cd619aed20c87a316c0be/ |
|
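--- a/src/lib/Server/Plugins/Trigger.py (revision bf5040f75e71e25af0b9b5c2a9c098c5933d4acc)
+++ b/src/lib/Server/Plugins/Trigger.py (revision a524967e8d5c4c22e49cd619aed20c87a316c0be)
@@ -1,16 +1,6 @@
 import os
+import pipes
 import Bcfg2.Server.Plugin
-
-
-def async_run(prog, args):
- pid = os.fork()
- if pid:
- os.waitpid(pid, 0)
- else:
- dpid = os.fork()
- if not dpid:
- os.system(" ".join([prog] + args))
- os._exit(0)
-
+from subprocess import Popen, PIPE
 
 class Trigger(Bcfg2.Server.Plugin.Plugin,
@@ -31,8 +21,29 @@
 raise Bcfg2.Server.Plugin.PluginInitError
 
+ def async_run(self, args):
+ pid = os.fork()
+ if pid:
+ os.waitpid(pid, 0)
+ else:
+ dpid = os.fork()
+ if not dpid:
+ self.debug_log("Running %s" % " ".join(pipes.quote(a)
+ for a in args))
+ proc = Popen(args, stdin=PIPE, stdout=PIPE, stderr=PIPE)
+ (out, err) = proc.communicate()
+ rv = proc.wait()
+ if rv != 0:
+ self.logger.error("Trigger: Error running %s (%s): %s" %
+ (args[0], rv, err))
+ elif err:
+ self.debug_log("Trigger: Error: %s" % err)
+ os._exit(0)
+
 def process_statistics(self, metadata, _):
 args = [metadata.hostname, '-p', metadata.profile, '-g',
 ':'.join([g for g in metadata.groups])]
+ self.debug_log("running triggers")
 for notifier in os.listdir(self.data):
+ self.debug_log("running %s" % notifier)
 if ((notifier[-1] == '~') or
 (notifier[:2] == '.#') or
@@ -40,5 +51,4 @@
 (notifier in ['SCCS', '.svn', '4913'])):
 continue
-npath = self.data + '/' + notifier
-self.logger.debug("Running %s %s" % (npath, " ".join(args)))
-async_run(npath, args)
+npath = os.path.join(self.data, notifier)
+self.async_run([npath] + args)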
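Review bot: In the new `async_run`, nothing catches a failure of `Popen(args, stdin=PIPE, stdout=PIPE, stderr=PIPE)`, so the forked grandchild can leave the function through an exception instead of `os._exit(0)`. With the shell gone, a notifier that cannot be exec'd (no execute bit, no interpreter line) raises OSError where `os.system` only returned a non-zero status, and the `os.listdir(self.data)` filter in `process_statistics` skips only backup and VCS names. The child would then unwind into the caller as a second copy of the server process. I would put the child branch in `try`/`finally` so both forked processes always end in `os._exit(0)`, and log the OSError. The page has lost indentation, so the nesting of the existing `os._exit(0)` is inferred.

```python
    def async_run(self, args):
        pid = os.fork()
        if pid:
            os.waitpid(pid, 0)
            return
        # Both forked children must leave through os._exit(), even when
        # the notifier cannot be started.
        try:
            if not os.fork():
                # … unchanged: debug_log of the quoted command line …
                try:
                    proc = Popen(args, stdin=PIPE, stdout=PIPE, stderr=PIPE)
                except OSError:
                    self.logger.error("Trigger: Could not run %s" % args[0],
                                      exc_info=1)
                else:
                    # … unchanged: communicate(), exit-status and stderr logging …
        finally:
            os._exit(0)
```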