diff options
| author | Lamont Granquist <lamont@scriptkiddie.org> | 2018-12-13 14:20:49 -0800 |
|---|---|---|
| committer | Lamont Granquist <lamont@scriptkiddie.org> | 2018-12-13 14:20:49 -0800 |
| commit | cfa45b928007e5b9b90a31ad79cd5cbf2b03c9f4 (patch) | |
| tree | 83c867743265a2edbb002a0ee826fb0de9b7cbc2 | |
| parent | 190e39fcb17240b8ac07d7c5784d77417137e206 (diff) | |
| download | chef-cfa45b928007e5b9b90a31ad79cd5cbf2b03c9f4.tar.gz | |
fix copypasta bug and theoretical security bug
Signed-off-by: Lamont Granquist <lamont@scriptkiddie.org>
| -rwxr-xr-x | omnibus/package-scripts/angrychef/preinst | 10 | ||||
| -rwxr-xr-x | omnibus/package-scripts/chef-fips/preinst | 10 | ||||
| -rwxr-xr-x | omnibus/package-scripts/chef/preinst | 8 |
3 files changed, 20 insertions, 8 deletions
diff --git a/omnibus/package-scripts/angrychef/preinst b/omnibus/package-scripts/angrychef/preinst index 0baebe07f4..870bd5fc37 100755 --- a/omnibus/package-scripts/angrychef/preinst +++ b/omnibus/package-scripts/angrychef/preinst @@ -7,11 +7,15 @@ # this programming language. do not touch. # - if you are under 40, get peer review from your elders. -INSTALLER_DIR=/opt/chef +INSTALLER_DIR=/opt/angrychef echo "removing $INSTALLER_DIR..." -# we have to move the dir before trying to wipe it and then ignore errors since -# files may still be in use. +# have to do this dance of moving /opt/chef to a tmp dir since files may be in use tmp_dir="/opt/.chef.$$" +# if we can't create the tmp_dir then fail hard to prevent any possible security hole +(umask 077 && mkdir $tmp_dir) || exit 1 +# now we can clean up the tmp_dir we created safely mv $INSTALLER_DIR $tmp_dir +# ignore errors which must be EBUSY issues, this may crate some litter, which may +# be unavoidable rm -rf $tmp_dir || true diff --git a/omnibus/package-scripts/chef-fips/preinst b/omnibus/package-scripts/chef-fips/preinst index 0baebe07f4..69909262c9 100755 --- a/omnibus/package-scripts/chef-fips/preinst +++ b/omnibus/package-scripts/chef-fips/preinst @@ -7,11 +7,15 @@ # this programming language. do not touch. # - if you are under 40, get peer review from your elders. -INSTALLER_DIR=/opt/chef +INSTALLER_DIR=/opt/chef-fips echo "removing $INSTALLER_DIR..." -# we have to move the dir before trying to wipe it and then ignore errors since -# files may still be in use. +# have to do this dance of moving /opt/chef to a tmp dir since files may be in use tmp_dir="/opt/.chef.$$" +# if we can't create the tmp_dir then fail hard to prevent any possible security hole +(umask 077 && mkdir $tmp_dir) || exit 1 +# now we can clean up the tmp_dir we created safely mv $INSTALLER_DIR $tmp_dir +# ignore errors which must be EBUSY issues, this may crate some litter, which may +# be unavoidable rm -rf $tmp_dir || true diff --git a/omnibus/package-scripts/chef/preinst b/omnibus/package-scripts/chef/preinst index 0baebe07f4..b3f48258c7 100755 --- a/omnibus/package-scripts/chef/preinst +++ b/omnibus/package-scripts/chef/preinst @@ -10,8 +10,12 @@ INSTALLER_DIR=/opt/chef echo "removing $INSTALLER_DIR..." -# we have to move the dir before trying to wipe it and then ignore errors since -# files may still be in use. +# have to do this dance of moving /opt/chef to a tmp dir since files may be in use tmp_dir="/opt/.chef.$$" +# if we can't create the tmp_dir then fail hard to prevent any possible security hole +(umask 077 && mkdir $tmp_dir) || exit 1 +# now we can clean up the tmp_dir we created safely mv $INSTALLER_DIR $tmp_dir +# ignore errors which must be EBUSY issues, this may crate some litter, which may +# be unavoidable rm -rf $tmp_dir || true |