path: root/lib/puppet/util/reference.rb
Commit message | Author | Age | Files | Lines
* Fix for temporary file security hole | Markus Roberts | 2010-01-05 | 1 | -3/+6

  We create temporary files in /tmp/ with predictable names. These could be used by an attacker to DoS a box by setting a symlink to some other file (say, /etc/shadow) and waiting for us to overwrite it.

  The minimalistic solution employed by this patch is to wrap all such file writing with a paranoid wrapper that:

  1) Checks to see if the target exists
  2) Issues a warning if it was a symlink
  3) Deletes it
  4) Waits (0.1 seconds if it was a file, 5 seconds if it was a symlink)
  5) Opens the file with EXCL, which will fail if the file has come back.

  If this succeeds (as it normally will) it has exactly the same semantics as the original code (a must, as we are right at a release boundary). However, under no circumstances will it follow a preexisting symlink (the operating system guarantees this with EXCL) so the danger of an exploit has been converted into the possibility of a failure, with an appropriate warning.
* Added Markdown mode to puppetdoc to output Markdown. | James Turnbull | 2009-07-10 | 1 | -5/+27

  Requires the pandoc binary to function (http://johnmacfarlane.net/pandoc/).
* Fixing the markup on the pkgdmg provider so it is a bit better | Luke Kanies | 2007-11-28 | 1 | -1/+1
* Removing the Id tags from all of the files | Luke Kanies | 2007-10-03 | 1 | -1/+0
* Renaming the instance loader method to "instance_load". It was previously autoload, which could clash with Kernel.autoload. | Luke Kanies | 2007-09-10 | 1 | -1/+1
* Updating trac location for laeg | luke | 2007-06-19 | 1 | -1/+1

  git-svn-id: https://reductivelabs.com/svn/puppet/trunk@2636 980ebf18-57e1-0310-9a29-db15c13687c0
* Intermediate commit of more reference work, including making provider suitable more introspectable. I am about to significantly change the output format of the providers reference, so I want to get this committed before that change. | luke | 2007-05-08 | 1 | -3/+12

  git-svn-id: https://reductivelabs.com/svn/puppet/trunk@2485 980ebf18-57e1-0310-9a29-db15c13687c0
* Adding a dynamic? option for references, so those are not stored in trac | luke | 2007-05-07 | 1 | -2/+5

  git-svn-id: https://reductivelabs.com/svn/puppet/trunk@2480 980ebf18-57e1-0310-9a29-db15c13687c0
* Lots of work related to generating more reference. Moving all of the individual references out of puppetdoc and into an external "reference" class, which itself can autoload, so it is now easy to add new types of references. Also adding a network reference, along with an unfinished provider reference. | luke | 2007-05-07 | 1 | -1/+6

  git-svn-id: https://reductivelabs.com/svn/puppet/trunk@2479 980ebf18-57e1-0310-9a29-db15c13687c0
* First run at moving references to lib/puppet instead of puppetdoc | luke | 2007-05-07 | 1 | -0/+172

  git-svn-id: https://reductivelabs.com/svn/puppet/trunk@2477 980ebf18-57e1-0310-9a29-db15c13687c0