You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@libcloud.apache.org by "daveb (JIRA)" <ji...@apache.org> on 2011/06/21 10:07:47 UTC
[dev] [jira] [Created] (LIBCLOUD-95) if LIBCLOUD_DEBUG is a digit the
location d = "/tmp/libcloud_debug.log" is used
if LIBCLOUD_DEBUG is a digit the location d = "/tmp/libcloud_debug.log" is used
--------------------------------------------------------------------------------
Key: LIBCLOUD-95
URL: https://issues.apache.org/jira/browse/LIBCLOUD-95
Project: Libcloud
Issue Type: Bug
Reporter: daveb
if LIBCLOUD_DEBUG is a digit the location "/tmp/libcloud_debug.log" is used for logging (data is appended to the file).
/tmp/libcloud_debug.log could potentially be a symbolic link to another file, e.g. /home/hi/.bashrc.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
[dev] [jira] [Commented] (LIBCLOUD-95) if LIBCLOUD_DEBUG is a digit the
location d = "/tmp/libcloud_debug.log" is used
Posted by "Tomaz Muraus (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/LIBCLOUD-95?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13052469#comment-13052469 ]
Tomaz Muraus commented on LIBCLOUD-95:
--------------------------------------
Correct, what is your actual problem / exception you get?
It should work fine even if a path is a symbolic link to a file.
> if LIBCLOUD_DEBUG is a digit the location d = "/tmp/libcloud_debug.log" is used
> --------------------------------------------------------------------------------
>
> Key: LIBCLOUD-95
> URL: https://issues.apache.org/jira/browse/LIBCLOUD-95
> Project: Libcloud
> Issue Type: Bug
> Reporter: daveb
>
> if LIBCLOUD_DEBUG is a digit the location "/tmp/libcloud_debug.log" is used for logging (data is appended to the file) when libcloud is imported. /tmp/libcloud_debug.log could potentially be a symbolic link to another file, e.g. /home/hi/.bashrc.
> see https://github.com/apache/libcloud/blob/4223c8e235337fbb2935eb0e6c78eab50b158609/libcloud/__init__.py line 54.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
[dev] [jira] [Issue Comment Edited] (LIBCLOUD-95) if LIBCLOUD_DEBUG is a
digit the location d = "/tmp/libcloud_debug.log" is used
Posted by "daveb (Issue Comment Edited) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/LIBCLOUD-95?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13131627#comment-13131627 ]
daveb edited comment on LIBCLOUD-95 at 10/20/11 1:45 PM:
---------------------------------------------------------
Sorry, I never got a email follow up to the reply on this issue.
Actually, the concern is that the use of the hard-coded location without proper pre-checks is a case of "Insecure Temporary File" http://cwe.mitre.org/data/definitions/377.html . I know this is a debug mode, but doing it _right_ tm is always a good thing :-)
was (Author: daveb):
Sorry, I never got an email follow up to the reply to this issue.
Actually, the concern is that the use of the hard-coded location without proper pre-checks is a case of "Insecure Temporary File" http://cwe.mitre.org/data/definitions/377.html . I know this is a debug mode, but doing it _right_ tm is always a good thing :-)
> if LIBCLOUD_DEBUG is a digit the location d = "/tmp/libcloud_debug.log" is used
> --------------------------------------------------------------------------------
>
> Key: LIBCLOUD-95
> URL: https://issues.apache.org/jira/browse/LIBCLOUD-95
> Project: Libcloud
> Issue Type: Bug
> Reporter: daveb
>
> if LIBCLOUD_DEBUG is a digit the location "/tmp/libcloud_debug.log" is used for logging (data is appended to the file) when libcloud is imported. /tmp/libcloud_debug.log could potentially be a symbolic link to another file, e.g. /home/hi/.bashrc.
> see https://github.com/apache/libcloud/blob/4223c8e235337fbb2935eb0e6c78eab50b158609/libcloud/__init__.py line 54.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[dev] [jira] [Closed] (LIBCLOUD-95) if LIBCLOUD_DEBUG is a digit the
location d = "/tmp/libcloud_debug.log" is used
Posted by "Tomaz Muraus (Closed) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/LIBCLOUD-95?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Tomaz Muraus closed LIBCLOUD-95.
--------------------------------
Resolution: Not A Problem
> if LIBCLOUD_DEBUG is a digit the location d = "/tmp/libcloud_debug.log" is used
> --------------------------------------------------------------------------------
>
> Key: LIBCLOUD-95
> URL: https://issues.apache.org/jira/browse/LIBCLOUD-95
> Project: Libcloud
> Issue Type: Bug
> Reporter: daveb
>
> if LIBCLOUD_DEBUG is a digit the location "/tmp/libcloud_debug.log" is used for logging (data is appended to the file) when libcloud is imported. /tmp/libcloud_debug.log could potentially be a symbolic link to another file, e.g. /home/hi/.bashrc.
> see https://github.com/apache/libcloud/blob/4223c8e235337fbb2935eb0e6c78eab50b158609/libcloud/__init__.py line 54.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[dev] [jira] [Resolved] (LIBCLOUD-95) if LIBCLOUD_DEBUG is a digit the
location d = "/tmp/libcloud_debug.log" is used
Posted by "Tomaz Muraus (Resolved) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/LIBCLOUD-95?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Tomaz Muraus resolved LIBCLOUD-95.
----------------------------------
Resolution: Fixed
Fix Version/s: 0.6.0
I have removed a "default path" functionality and now you must explicitly specify a path.
In any case, I still think it should be a non-issue, because it's only used in debug mode and you probably also don't run your script with elevated privileges.
> if LIBCLOUD_DEBUG is a digit the location d = "/tmp/libcloud_debug.log" is used
> --------------------------------------------------------------------------------
>
> Key: LIBCLOUD-95
> URL: https://issues.apache.org/jira/browse/LIBCLOUD-95
> Project: Libcloud
> Issue Type: Bug
> Reporter: daveb
> Fix For: 0.6.0
>
>
> if LIBCLOUD_DEBUG is a digit the location "/tmp/libcloud_debug.log" is used for logging (data is appended to the file) when libcloud is imported. /tmp/libcloud_debug.log could potentially be a symbolic link to another file, e.g. /home/hi/.bashrc.
> see https://github.com/apache/libcloud/blob/4223c8e235337fbb2935eb0e6c78eab50b158609/libcloud/__init__.py line 54.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[dev] [jira] [Updated] (LIBCLOUD-95) if LIBCLOUD_DEBUG is a digit the
location d = "/tmp/libcloud_debug.log" is used
Posted by "daveb (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/LIBCLOUD-95?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
daveb updated LIBCLOUD-95:
--------------------------
Description:
if LIBCLOUD_DEBUG is a digit the location "/tmp/libcloud_debug.log" is used for logging (data is appended to the file) when libcloud is imported. /tmp/libcloud_debug.log could potentially be a symbolic link to another file, e.g. /home/hi/.bashrc.
see https://github.com/apache/libcloud/blob/4223c8e235337fbb2935eb0e6c78eab50b158609/libcloud/__init__.py line 54.
was:
if LIBCLOUD_DEBUG is a digit the location "/tmp/libcloud_debug.log" is used for logging (data is appended to the file) when libvirt is imported. /tmp/libcloud_debug.log could potentially be a symbolic link to another file, e.g. /home/hi/.bashrc.
see https://github.com/apache/libcloud/blob/4223c8e235337fbb2935eb0e6c78eab50b158609/libcloud/__init__.py line 54.
> if LIBCLOUD_DEBUG is a digit the location d = "/tmp/libcloud_debug.log" is used
> --------------------------------------------------------------------------------
>
> Key: LIBCLOUD-95
> URL: https://issues.apache.org/jira/browse/LIBCLOUD-95
> Project: Libcloud
> Issue Type: Bug
> Reporter: daveb
>
> if LIBCLOUD_DEBUG is a digit the location "/tmp/libcloud_debug.log" is used for logging (data is appended to the file) when libcloud is imported. /tmp/libcloud_debug.log could potentially be a symbolic link to another file, e.g. /home/hi/.bashrc.
> see https://github.com/apache/libcloud/blob/4223c8e235337fbb2935eb0e6c78eab50b158609/libcloud/__init__.py line 54.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
[dev] [jira] [Closed] (LIBCLOUD-95) if LIBCLOUD_DEBUG is a digit the
location d = "/tmp/libcloud_debug.log" is used
Posted by "Tomaz Muraus (Closed) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/LIBCLOUD-95?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Tomaz Muraus closed LIBCLOUD-95.
--------------------------------
> if LIBCLOUD_DEBUG is a digit the location d = "/tmp/libcloud_debug.log" is used
> --------------------------------------------------------------------------------
>
> Key: LIBCLOUD-95
> URL: https://issues.apache.org/jira/browse/LIBCLOUD-95
> Project: Libcloud
> Issue Type: Bug
> Reporter: daveb
> Fix For: 0.6.0
>
>
> if LIBCLOUD_DEBUG is a digit the location "/tmp/libcloud_debug.log" is used for logging (data is appended to the file) when libcloud is imported. /tmp/libcloud_debug.log could potentially be a symbolic link to another file, e.g. /home/hi/.bashrc.
> see https://github.com/apache/libcloud/blob/4223c8e235337fbb2935eb0e6c78eab50b158609/libcloud/__init__.py line 54.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[dev] [jira] [Reopened] (LIBCLOUD-95) if LIBCLOUD_DEBUG is a digit the
location d = "/tmp/libcloud_debug.log" is used
Posted by "daveb (Reopened) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/LIBCLOUD-95?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
daveb reopened LIBCLOUD-95:
---------------------------
Sorry, I never got an email follow up to the reply to this issue.
Actually, the concern is that the use of the hard-coded location without proper pre-checks is a case of "Insecure Temporary File" http://cwe.mitre.org/data/definitions/377.html . I know this is a debug mode, but doing it _right_ tm is always a good thing :-)
> if LIBCLOUD_DEBUG is a digit the location d = "/tmp/libcloud_debug.log" is used
> --------------------------------------------------------------------------------
>
> Key: LIBCLOUD-95
> URL: https://issues.apache.org/jira/browse/LIBCLOUD-95
> Project: Libcloud
> Issue Type: Bug
> Reporter: daveb
>
> if LIBCLOUD_DEBUG is a digit the location "/tmp/libcloud_debug.log" is used for logging (data is appended to the file) when libcloud is imported. /tmp/libcloud_debug.log could potentially be a symbolic link to another file, e.g. /home/hi/.bashrc.
> see https://github.com/apache/libcloud/blob/4223c8e235337fbb2935eb0e6c78eab50b158609/libcloud/__init__.py line 54.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[dev] [jira] [Updated] (LIBCLOUD-95) if LIBCLOUD_DEBUG is a digit the
location d = "/tmp/libcloud_debug.log" is used
Posted by "daveb (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/LIBCLOUD-95?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
daveb updated LIBCLOUD-95:
--------------------------
Description:
if LIBCLOUD_DEBUG is a digit the location "/tmp/libcloud_debug.log" is used for logging (data is appended to the file) when libvirt is imported. /tmp/libcloud_debug.log could potentially be a symbolic link to another file, e.g. /home/hi/.bashrc.
see https://github.com/apache/libcloud/blob/4223c8e235337fbb2935eb0e6c78eab50b158609/libcloud/__init__.py line 54.
was:
if LIBCLOUD_DEBUG is a digit the location "/tmp/libcloud_debug.log" is used for logging (data is appended to the file).
/tmp/libcloud_debug.log could potentially be a symbolic link to another file, e.g. /home/hi/.bashrc.
> if LIBCLOUD_DEBUG is a digit the location d = "/tmp/libcloud_debug.log" is used
> --------------------------------------------------------------------------------
>
> Key: LIBCLOUD-95
> URL: https://issues.apache.org/jira/browse/LIBCLOUD-95
> Project: Libcloud
> Issue Type: Bug
> Reporter: daveb
>
> if LIBCLOUD_DEBUG is a digit the location "/tmp/libcloud_debug.log" is used for logging (data is appended to the file) when libvirt is imported. /tmp/libcloud_debug.log could potentially be a symbolic link to another file, e.g. /home/hi/.bashrc.
> see https://github.com/apache/libcloud/blob/4223c8e235337fbb2935eb0e6c78eab50b158609/libcloud/__init__.py line 54.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira