authorJohannes Erdfelt <johannes.erdfelt@rackspace.com>2011-05-20 06:03:33 +0000
committerTarmac <>2011-05-20 06:03:33 +0000
commit7eda6968748b26b60a0949fcdc8b92b495f6e319 (patch)
treebb189f6706605120903a1f2d53cc16bf40adae2e
parent0fdb7bb4778fb6507d7a1c968e36dde68ad817d3 (diff)
parent34c1b0bdc04bd335a49a02b5fbf7f5f76380fe82 (diff)
The XenAPI driver uses openssl as part of the nova-agent implementation to set the password for root. It uses a temporary file insecurely and unnecessarily. Change the code to write the password directly to stdin of the openssl process instead.
-rw-r--r--nova/virt/xenapi/vmops.py10
1 files changed, 4 insertions, 6 deletions
diff --git a/nova/virt/xenapi/vmops.py b/nova/virt/xenapi/vmops.py
index 13d7d215b..0074444f8 100644
--- a/nova/virt/xenapi/vmops.py
+++ b/nova/virt/xenapi/vmops.py
@@ -25,7 +25,6 @@ import M2Crypto
import os
import pickle
import subprocess
-import tempfile
import uuid
from nova import context
@@ -1163,18 +1162,17 @@ class SimpleDH(object):
return mpi
def _run_ssl(self, text, which):
- base_cmd = ('cat %(tmpfile)s | openssl enc -aes-128-cbc '
- '-a -pass pass:%(shared)s -nosalt %(dec_flag)s')
+ base_cmd = ('openssl enc -aes-128-cbc -a -pass pass:%(shared)s '
+ '-nosalt %(dec_flag)s')
if which.lower()[0] == 'd':
dec_flag = ' -d'
else:
dec_flag = ''
- fd, tmpfile = tempfile.mkstemp()
- os.close(fd)
- file(tmpfile, 'w').write(text)
shared = self._shared
cmd = base_cmd % locals()
proc = _runproc(cmd)
+ proc.stdin.write(text)
+ proc.stdin.close()
proc.wait()
err = proc.stderr.read()
if err:
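Review bot: The shared secret is still interpolated into the command line through `-pass pass:%(shared)s` in `base_cmd`, so although the plaintext no longer touches a temporary file, the key that protects it sits in the process argument list, readable by any local user who can list processes while openssl runs. openssl's `enc` also accepts `-pass env:<VAR_NAME>` and `-pass fd:<N>`, either of which keeps the secret out of argv; using them would need `_runproc` (not visible in this hunk) to hand the child an environment entry or an extra descriptor. Separately, `proc.stdin.write(text)` followed by `proc.wait()` before any pipe is read can block if openssl fills its stdout or stderr pipe; assuming `_runproc` returns a `subprocess.Popen` with all three pipes attached, `out, err = proc.communicate(text)` would write, close and drain in one step. The body of `_run_ssl` continues past the end of the hunk.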