maas-common 2.4.0~beta2-6865-gec43e47e6-0ubuntu1 / usr / lib / maas / maas-write-file

This file is indexed.

/usr/lib/maas/maas-write-file is in maas-common 2.4.0~beta2-6865-gec43e47e6-0ubuntu1.

This file is owned by root:root, with mode 0o755.

The actual contents of the file can be viewed below. 

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
#!/usr/bin/env python3
# Copyright 2017 Canonical Ltd.  This software is licensed under the
# GNU Affero General Public License version 3 (see the file LICENSE).

"""Atomically write a file.

Reads the byte content from standard-in and writes to the specified file. The
filename is checked against an internal white list. As such it's intended to
be used behind `sudo`.
"""

import argparse
import os
import pipes
import sys

from provisioningserver.utils.fs import atomic_write


whitelist = {
    "/etc/chrony/chrony.conf",
    "/etc/chrony/maas.conf",
    "/var/lib/maas/dhcpd-interfaces",
    "/var/lib/maas/dhcpd.conf",
    "/var/lib/maas/dhcpd6-interfaces",
    "/var/lib/maas/dhcpd6.conf",
}


# For DEVELOPMENT ONLY update the paths in the white list to all be prefixed
# with MAAS_ROOT, if defined. Check real and effective UIDs to be super extra
# paranoid (only the latter actually matters).
if os.getuid() != 0 and os.geteuid() != 0:
    root = os.environ.get("MAAS_ROOT")
    if root is not None:
        whitelist = {
            os.path.abspath(root + os.sep + path)
            for path in whitelist
        }


def octal(string):
    """Parse `string` as an octal number."""
    return int(string, 8)


arg_parser = argparse.ArgumentParser(description=__doc__)
arg_parser.add_argument("filename", help="The file to write.")
arg_parser.add_argument("mode", type=octal, help="The octal file mode.")


def main(args, fin):

    # Validate the filename here because using a `choices` argument in the
    # parser results in ugly help and error text.
    if args.filename not in whitelist:
        arg_parser.error(
            "Given filename %s is not in the white list. "
            "Choose from: %s." % (
                pipes.quote(args.filename), ", ".join(
                    map(pipes.quote, sorted(whitelist)))))

    # Do not allow "high" bits in the mode, especially setuid and setgid.
    elif args.mode & 0o777 != args.mode:
        arg_parser.error(
            "Given file mode 0o%o is not permitted; only "
            "permission bits may be set." % args.mode)

    # Okay, good to go.
    else:
        atomic_write(
            fin.read(), args.filename, overwrite=True,
            mode=args.mode)


if __name__ == "__main__":
    main(arg_parser.parse_args(), sys.stdin.buffer)

APT Browse - Built by Thomas Orozco.