← Back to branch summary

~azzar1/unity/add-show-desktop-key

« back to all changes in this revision

Viewing changes to bin/ivle-buildjail

  • Committer: David Coles
  • Date: 2009-12-09 01:27:45 UTC
  • Revision ID: coles.david@gmail.com-20091209012745-mbnss41eqsucy53b
https://launchpad.net/bugs/492558
Provide a better error message when ivle-buildjail detects world writeable files in the jail template

Show diffs side-by-side

added added

removed removed

Lines of Context:
bin/ivle-buildjail
153
153
 
154
154
# Verify that nothing in the jail is world-writable.
155
155
# We don't want students to write into places that others can see.
156
 
for path, dirs, files in os.walk(build_path):
157
 
    for dname in dirs:
158
 
        d = os.path.join(path, dname)
159
 
        if os.path.islink(d):
160
 
            continue
161
 
        if os.stat(d).st_mode & stat.S_IWOTH:
162
 
            raise UnsafeJail(d)
163
 
 
164
 
    for fname in files:
165
 
        f = os.path.join(path, fname)
166
 
        if os.path.islink(f):
167
 
            continue
168
 
        if os.stat(f).st_mode & stat.S_IWOTH:
169
 
            if (os.path.dirname(f) == os.path.join(build_path, 'dev') and
170
 
                os.path.basename(f) in ('ptmx', 'null', 'tty', 'full', 'zero',
171
 
                                        'random', 'urandom')
172
 
                ):
173
 
                continue
174
 
            raise UnsafeJail(f)
175
 
 
 
156
try:
 
157
    for path, dirs, files in os.walk(build_path):
 
158
        for dname in dirs:
 
159
            d = os.path.join(path, dname)
 
160
            if os.path.islink(d):
 
161
                continue
 
162
            if os.stat(d).st_mode & stat.S_IWOTH:
 
163
                raise UnsafeJail(d)
 
164
 
 
165
        for fname in files:
 
166
            f = os.path.join(path, fname)
 
167
            if os.path.islink(f):
 
168
                continue
 
169
            if os.stat(f).st_mode & stat.S_IWOTH:
 
170
                if (os.path.dirname(f) == os.path.join(build_path, 'dev') and
 
171
                    os.path.basename(f) in ('ptmx', 'null', 'tty', 'full', 'zero',
 
172
                                            'random', 'urandom')
 
173
                    ):
 
174
                    continue
 
175
                raise UnsafeJail(f)
 
176
except UnsafeJail, e:
 
177
    print >> sys.stderr,"""Error: Jail contains world writable path: '%s'.
 
178
This is a security vulnerability as jail template contents are shared between 
 
179
users. Please either make this path world unwriteable or remove it from the 
 
180
jail."""%str(e)
 
181
    sys.exit(1)
176
182
 
177
183
# Copy jail template build to actual jail template
178
184
template_path = conf['paths']['jails']['template']