diff options
| -rw-r--r-- | CHANGELOG | 1 | ||||
| -rw-r--r-- | cobbler/kickgen.py | 2 | ||||
| -rw-r--r-- | cobbler/settings.py | 1 | ||||
| -rw-r--r-- | cobbler/templar.py | 2 | ||||
| -rw-r--r-- | installer_templates/settings.template | 12 |
5 files changed, 16 insertions, 2 deletions
@@ -58,6 +58,7 @@ Cobbler CHANGELOG - (FEAT) webui sidebar reorg - (FEAT) manage_dhcpd feature (ISC) now checks service status before restarting - (BUGF) omapi for manage_dhcp feature (ISC) now defaults to off +- (FEAT) added module whitelist to settings file - Fri Sep 26 2008 - 1.2.5 - (BUGF) expose --arch for "cobbler image add" diff --git a/cobbler/kickgen.py b/cobbler/kickgen.py index 9a8e1464..1d5fed34 100644 --- a/cobbler/kickgen.py +++ b/cobbler/kickgen.py @@ -96,7 +96,7 @@ class KickGen: elif kickstart_path is not None and not os.path.exists(kickstart_path): if kickstart_path.find("http://") == -1 and kickstart_path.find("ftp://") == -1 and kickstart_path.find("nfs:") == -1: return "# Error, cannot find %s" % kickstart_path - return "# kickstart is sourced externally: %s" % meta["kickstart"] + return "# kickstart is sourced externally, or is missing, and cannot be displayed here: %s" % meta["kickstart"] def generate_kickstart_signal(self, is_pre=0, profile=None, system=None): """ diff --git a/cobbler/settings.py b/cobbler/settings.py index f68d239f..bce6e026 100644 --- a/cobbler/settings.py +++ b/cobbler/settings.py @@ -34,6 +34,7 @@ DEFAULTS = { "allow_duplicate_macs" : 0, "allow_duplicate_ips" : 0, "bind_bin" : "/usr/sbin/named", + "cheetah_import_whitelist" : [ "re", "random", "time" ], "cobbler_master" : '', "default_kickstart" : "/var/lib/cobbler/kickstarts/default.ks", "default_name_servers" : '', diff --git a/cobbler/templar.py b/cobbler/templar.py index 63164510..57135646 100644 --- a/cobbler/templar.py +++ b/cobbler/templar.py @@ -50,7 +50,7 @@ class Templar: for line in lines: if line.find("#import") != -1: rest=line.replace("#import","").replace(" ","").strip() - if rest not in [ "time", "random", "re" ]: + if rest not in self.settings.cheetah_import_whitelist: print "warning" raise CX("potentially insecure import in template: %s" % rest) diff --git a/installer_templates/settings.template b/installer_templates/settings.template index 3945f039..2079877b 100644 --- a/installer_templates/settings.template +++ b/installer_templates/settings.template @@ -29,6 +29,18 @@ allow_duplicate_macs: 0 # the path to BIND's executable for this distribution. bind_bin: /usr/sbin/named +# Cheetah-language kickstart templates can import Python modules. +# while this is a useful feature, it is not safe to allow them to +# import anything they want. This whitelists which modules can be +# imported through Cheetah. Users can expand this as needed but +# should never allow modules such as subprocess or those that +# allow access to the filesystem as Cheetah templates are evaluated +# by cobblerd as code. +cheetah_import_whitelist: + - "random" + - "re" + - "time" + # if no kickstart is specified, use this template (FIXME) default_kickstart: /etc/cobbler/default.ks |