[Fai-commit] r5749 - in trunk: bin debian

Thomas Lange lange at alioth.debian.org
Tue Mar 30 16:38:06 UTC 2010 

Author: lange
Date: 2010-03-30 16:38:04 +0000 (Tue, 30 Mar 2010)
New Revision: 5749

Modified:
   trunk/bin/install_packages
   trunk/debian/changelog
Log:
install_packages: security fix, do not wite to world writeable
directories (closes: 575921)

Modified: trunk/bin/install_packages
===================================================================
--- trunk/bin/install_packages	2010-03-25 15:49:35 UTC (rev 5748)
+++ trunk/bin/install_packages	2010-03-30 16:38:04 UTC (rev 5749)
@@ -28,7 +28,7 @@
 # MA 02111-1307, USA.
 #*********************************************************************
 
-my $version = "Version 4.3, 28-january-2010";
+my $version = "Version 4.3.1, 30-march-2010";
 $0=~ s#.+/##; # remove path from program name
 
 # import variables: $verbose, $MAXPACKAGES, $classes, $FAI, $FAI_ROOT
@@ -63,7 +63,7 @@
 my $use_aptpkg=0;
 my $aptopt='-y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold"';
 my $downloaddir="/var/cache/apt/archives/partial/"; # where to download packages that gets only unpacked
-my $debsourcesdir='/var/tmp/package';
+my $debsourcesdir='/var/lib/fai/packages';
 
 $| = 1;
 
@@ -319,7 +319,7 @@
 
   my $type = shift;
   my ($package,$action,$list);
-  my $tempfile = "$FAI_ROOT/tmp/dpkg-selections.tmp"; # TODO: use better uniq filename
+  my $tempfile = "$FAI_ROOT/var/lib/fai/dpkg-selections.tmp"; # TODO: use better uniq filename
   while (@{$list{$type}}) {
     $package = shift @{$list{$type}};
     $action  = shift @{$list{$type}};
@@ -460,8 +460,11 @@
 sub writepackages {
 
   # write package list to log file
-  open(LIST,"> $FAI_ROOT/tmp/packages.list") || warn "ERROR $0: Can't write package list file: $!\n";
-  print LIST "# List of all packages that will be installed\n";
+
+  return if $opt_d; # do not write the list if we only download packages
+
+  open(LIST,"> $FAI_ROOT/var/log/install_packages.list") || warn "ERROR $0: Can't write package list file: $!\n";
+  print LIST "# List of all packages that will be installed via install_packages\n";
   for (@known) { print LIST "$_\n"; }
   close(LIST);
 

Modified: trunk/debian/changelog
===================================================================
--- trunk/debian/changelog	2010-03-25 15:49:35 UTC (rev 5748)
+++ trunk/debian/changelog	2010-03-30 16:38:04 UTC (rev 5749)
@@ -1,9 +1,11 @@
-fai (3.3.5~beta1) unstable; urgency=low
+fai (3.3.5~beta2) unstable; urgency=high
 
+  * install_packages: security fix, do not wite to world writeable
+    directories (closes: 575921)
   * fai-chboot: do not print templates containing a number as subnet
   * disk-info: remove local to make it a pure shell script
 
- -- Thomas Lange <lange at debian.org>  Thu, 25 Mar 2010 14:05:05 +0100
+ -- Thomas Lange <lange at debian.org>  Tue, 30 Mar 2010 18:36:57 +0200
 
 fai (3.3.4) unstable; urgency=low

More information about the Fai-commit mailing list