do not use a predictable filenames in the LXC plugin

* do not use a predictable filename for the LXC attach script

* don't use predictable filenames for LXC attach script logging

* don't set a predictable archive_path



this should prevent symlink attacks which could result in

* data corruption

* data leakage

* privilege escalation
reviewable/pr18780/r1
Evgeni Golov 9 years ago committed by Toshio Kuratomi
parent f710908574
commit 7c3999a92a

@ -144,7 +144,7 @@ options:
description: description:
- Path the save the archived container. If the path does not exist - Path the save the archived container. If the path does not exist
the archive method will attempt to create it. the archive method will attempt to create it.
default: /tmp default: null
archive_compression: archive_compression:
choices: choices:
- gzip - gzip
@ -557,13 +557,8 @@ def create_script(command):
import subprocess import subprocess
import tempfile import tempfile
# Ensure that the directory /opt exists. (fd, script_file) = tempfile.mkstemp(prefix='lxc-attach-script')
if not path.isdir('/opt'): f = os.fdopen(fd, 'wb')
os.mkdir('/opt')
# Create the script.
script_file = path.join('/opt', '.lxc-attach-script')
f = open(script_file, 'wb')
try: try:
f.write(ATTACH_TEMPLATE % {'container_command': command}) f.write(ATTACH_TEMPLATE % {'container_command': command})
f.flush() f.flush()
@ -573,14 +568,11 @@ def create_script(command):
# Ensure the script is executable. # Ensure the script is executable.
os.chmod(script_file, 0700) os.chmod(script_file, 0700)
# Get temporary directory.
tempdir = tempfile.gettempdir()
# Output log file. # Output log file.
stdout_file = open(path.join(tempdir, 'lxc-attach-script.log'), 'ab') stdout_file = os.fdopen(tempfile.mkstemp(prefix='lxc-attach-script-log')[0], 'ab')
# Error log file. # Error log file.
stderr_file = open(path.join(tempdir, 'lxc-attach-script.err'), 'ab') stderr_file = os.fdopen(tempfile.mkstemp(prefix='lxc-attach-script-err')[0], 'ab')
# Execute the script command. # Execute the script command.
try: try:
@ -1747,7 +1739,6 @@ def main():
), ),
archive_path=dict( archive_path=dict(
type='str', type='str',
default='/tmp'
), ),
archive_compression=dict( archive_compression=dict(
choices=LXC_COMPRESSION_MAP.keys(), choices=LXC_COMPRESSION_MAP.keys(),
@ -1755,6 +1746,9 @@ def main():
) )
), ),
supports_check_mode=False, supports_check_mode=False,
required_if = ([
('archive', True, ['archive_path'])
]),
) )
if not HAS_LXC: if not HAS_LXC:

Loading…
Cancel
Save