From be376df16649793b440ba7c3d48d253f8d929339 Mon Sep 17 00:00:00 2001 From: jbjohnso Date: Thu, 16 Sep 2010 13:41:16 +0000 Subject: [PATCH] -Stricter umask around /etc/shadow modifications git-svn-id: https://svn.code.sf.net/p/xcat/code/xcat-core/trunk@7474 8638fb3e-16cb-4fca-ae20-7b5d299a9bcd --- xCAT-server/lib/xcat/plugins/esx.pm | 2 ++ xCAT-server/lib/xcat/plugins/packimage.pm | 2 ++ xCAT-server/lib/xcat/plugins/statelite.pm | 2 ++ 3 files changed, 6 insertions(+) diff --git a/xCAT-server/lib/xcat/plugins/esx.pm b/xCAT-server/lib/xcat/plugins/esx.pm index 76d470d45..fe6601099 100644 --- a/xCAT-server/lib/xcat/plugins/esx.pm +++ b/xCAT-server/lib/xcat/plugins/esx.pm @@ -3177,6 +3177,7 @@ sub makecustomizedmod { my $tempdir = tempdir("/tmp/xcat/esxmodcustXXXXXXXX"); my $shadow; mkpath($tempdir."/etc/"); + my $oldmask=umask(0077); open($shadow,">",$tempdir."/etc/shadow"); $password = crypt($password,'$1$'.xCAT::Utils::genpassword(8)); my $dayssince1970 = int(time()/86400); #Be truthful about /etc/shadow @@ -3186,6 +3187,7 @@ sub makecustomizedmod { print $shadow "$_:*:$dayssince1970:0:99999:7:::\n"; } close($shadow); + umask($oldmask); if (-e "$::XCATROOT/share/xcat/netboot/esxi/38.xcat-enableipv6") { mkpath($tempdir."/etc/vmware/init/init.d"); copy( "$::XCATROOT/share/xcat/netboot/esxi/38.xcat-enableipv6",$tempdir."/etc/vmware/init/init.d/38.xcat-enableipv6"); diff --git a/xCAT-server/lib/xcat/plugins/packimage.pm b/xCAT-server/lib/xcat/plugins/packimage.pm index a0160ea0d..20aeda1e7 100644 --- a/xCAT-server/lib/xcat/plugins/packimage.pm +++ b/xCAT-server/lib/xcat/plugins/packimage.pm @@ -207,6 +207,7 @@ sub process_request { (my $pent) = $passtab->getAttribs({key=>'system',username=>'root'},'password'); if ($pent and defined ($pent->{password})) { my $pass = $pent->{password}; + my $oldmask=umask(0077); my $shadow; open($shadow,"<","$rootimg_dir/etc/shadow"); my @shadents = <$shadow>; @@ -222,6 +223,7 @@ sub process_request { } } close($shadow); + umask($oldmask); } } diff --git a/xCAT-server/lib/xcat/plugins/statelite.pm b/xCAT-server/lib/xcat/plugins/statelite.pm index f6672f3e7..dc106a63d 100644 --- a/xCAT-server/lib/xcat/plugins/statelite.pm +++ b/xCAT-server/lib/xcat/plugins/statelite.pm @@ -144,6 +144,7 @@ sub process_request { (my $pent) = $passtab->getAttribs({key=>'system',username=>'root'},'password'); if ($pent and defined ($pent->{password})) { my $pass = $pent->{password}; + my $oldmask=umask(0077); my $shadow; open($shadow,"<","$rootimg_dir/etc/shadow"); my @shadents = <$shadow>; @@ -159,6 +160,7 @@ sub process_request { } } close($shadow); + umask($oldmask); } }