From ea98771cba738d6fcfe47f650ecaa598c17c7c8a Mon Sep 17 00:00:00 2001 From: Thomas Mangin Date: Fri, 24 Apr 2020 14:44:47 +0100 Subject: log: T2377: do not modify log file if not 666 --- python/vyos/debug.py | 21 ++++++++++++++++----- 1 file changed, 16 insertions(+), 5 deletions(-) (limited to 'python') diff --git a/python/vyos/debug.py b/python/vyos/debug.py index 20090fb85..1a042cbb4 100644 --- a/python/vyos/debug.py +++ b/python/vyos/debug.py @@ -41,8 +41,9 @@ def message(message, flag='', destination=sys.stdout): try: # at boot the file is created as root:vyattacfg # at runtime the file is created as user:vyattacfg - # the default permission are 644 - mask = os.umask(0o113) + # but the helper scripts are not run as this so it + # need the default permission to be 666 (an not 660) + mask = os.umask(0o111) with open(logfile, 'a') as f: f.write(_format('log', message)) @@ -133,7 +134,7 @@ def _contentenv(flag): return os.environ.get(f'VYOS_{flag.upper()}_DEBUG', '').strip() -def _contentfile(flag): +def _contentfile(flag, default=''): """ Check if debug exist for a given debug flag name @@ -153,7 +154,8 @@ def _contentfile(flag): if not os.path.isfile(flagfile): continue with open(flagfile) as f: - return f.readline().strip() + content = f.readline().strip() + return content or default return '' @@ -166,7 +168,7 @@ def _logfile(flag, default): """ # For log we return the location of the log file - log_location = _contentenv(flag) or _contentfile(flag) + log_location = _contentenv(flag) or _contentfile(flag, default) # it was not set if not log_location: @@ -177,6 +179,15 @@ def _logfile(flag, default): not log_location.startswith('/config/') and \ not log_location.startswith('/var/log/'): return default + # Do not allow to escape the folders if '..' in log_location: return default + + if not os.path.exists(log_location): + return log_location + + # this permission is unique the the config and var folder + stat = os.stat(log_location).st_mode + if stat != 0o100666: + return default return log_location -- cgit v1.2.3