Securely create temp directorys / files

The temp directory packstack was using was being created in an insecure manor with world readable permissions. This commit ensures temp directories are created securly on both the local and remote hosts o Create var directory with tempfile.mkdtemp o remove other places where var directory was created o change permissions of all files that do (or may) contain sensitive data to 600 o No longer append data to mainifest file, it is now created and writen out in once o Attempts to remove data on remote hosts after the packstach run CVE-2013-0261 https://bugzilla.redhat.com/show_bug.cgi?id=908101 Change-Id: Ie7105207d3da128d630628c1df037ffafc94beb8
2013-02-01 06:57:55 -05:00
parent 8f411ae818
commit 624d49a0e8
6 changed files with 70 additions and 15 deletions
--- a/packstack/installer/output_messages.py
+++ b/packstack/installer/output_messages.py
@@ -51,6 +51,7 @@ INFO_STRING_LEN_LESS_THAN_MIN="String length is less than the minimum allowed: %
 INFO_STRING_EXCEEDS_MAX_LENGTH="String length exceeds the maximum length allowed: %s"
 INFO_STRING_CONTAINS_ILLEGAL_CHARS="String contains illegal characters"
 INFO_CINDER_VOLUMES_EXISTS="Did not create a cinder volume group, one already existed"
+INFO_REMOVE_REMOTE_VAR="Removing %s on %s (if it is a remote host)"

 WARN_WEAK_PASS="Warning: Weak Password."

@@ -80,6 +81,7 @@ ERR_RC_CODE="Return Code is not zero"
 ERR_FAILURE="General failure"
 ERR_NO_ANSWER_FILE="Error: Could not find file %s"
 ERR_ONLY_1_FLAG="Error: The %s flag is mutually exclusive to all other command line options"
+ERR_REMOVE_REMOTE_VAR="Error: Failed to remove directory %s on %s, it contains sensitive data and should be removed"

 #
 INFO_KEYSTONERC="To use the command line tools source the file /root/keystonerc_admin created on %s"