Uploaded image for project: 'Libcloud'
  1. Libcloud
  2. LIBCLOUD-95

if LIBCLOUD_DEBUG is a digit the location d = "/tmp/libcloud_debug.log" is used

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 0.6.1
    • Component/s: None
    • Labels:
      None

      Description

      if LIBCLOUD_DEBUG is a digit the location "/tmp/libcloud_debug.log" is used for logging (data is appended to the file) when libcloud is imported. /tmp/libcloud_debug.log could potentially be a symbolic link to another file, e.g. /home/hi/.bashrc.

      see https://github.com/apache/libcloud/blob/4223c8e235337fbb2935eb0e6c78eab50b158609/libcloud/__init__.py line 54.

        Activity

        Hide
        kami Tomaz Muraus added a comment -

        Correct, what is your actual problem / exception you get?

        It should work fine even if a path is a symbolic link to a file.

        Show
        kami Tomaz Muraus added a comment - Correct, what is your actual problem / exception you get? It should work fine even if a path is a symbolic link to a file.
        Hide
        daveb daveb added a comment - - edited

        Sorry, I never got a email follow up to the reply on this issue.
        Actually, the concern is that the use of the hard-coded location without proper pre-checks is a case of "Insecure Temporary File" http://cwe.mitre.org/data/definitions/377.html . I know this is a debug mode, but doing it right tm is always a good thing

        Show
        daveb daveb added a comment - - edited Sorry, I never got a email follow up to the reply on this issue. Actually, the concern is that the use of the hard-coded location without proper pre-checks is a case of "Insecure Temporary File" http://cwe.mitre.org/data/definitions/377.html . I know this is a debug mode, but doing it right tm is always a good thing
        Hide
        kami Tomaz Muraus added a comment -

        I have removed a "default path" functionality and now you must explicitly specify a path.

        In any case, I still think it should be a non-issue, because it's only used in debug mode and you probably also don't run your script with elevated privileges.

        Show
        kami Tomaz Muraus added a comment - I have removed a "default path" functionality and now you must explicitly specify a path. In any case, I still think it should be a non-issue, because it's only used in debug mode and you probably also don't run your script with elevated privileges.

          People

          • Assignee:
            Unassigned
            Reporter:
            daveb daveb
          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development