From c925a02f82473415b456651e35c1c47c8d13bafe Mon Sep 17 00:00:00 2001
From: Chris Lundquist
Date: Wed, 16 May 2018 21:40:22 +0000
Subject: [PATCH] don't chown to close the security issue
---
 builder/lxc/command.go | 26 +++++++++++++++++++++++++
 builder/lxc/step_export.go | 33 ++------------------------------
 builder/lxc/step_lxc_create.go | 35 +++++----------------------------
 3 files changed, 33 insertions(+), 61 deletions(-)
diff --git a/builder/lxc/command.go b/builder/lxc/command.go
index af81cff83..4afa56844 100644
--- a/builder/lxc/command.go
+++ b/builder/lxc/command.go
@@ -1,7 +1,11 @@
 package lxc
 import (
+ "bytes"
+ "fmt"
+ "log"
 "os/exec"
+ "strings"
 )
 // CommandWrapper is a type that given a command, will possibly modify that
@@ -13,3 +17,25 @@ type CommandWrapper func(string) (string, error)
 func ShellCommand(command string) *exec.Cmd {
 return exec.Command("/bin/sh", "-c", command)
 }
+
+func RunCommand(args ...string) error {
+ var stdout, stderr bytes.Buffer
+
+ log.Printf("Executing args: %#v", args)
+ cmd := exec.Command(args[0], args[1:]...)
+ cmd.Stdout = &stdout
+ cmd.Stderr = &stderr
+ err := cmd.Run()
+
+ stdoutString := strings.TrimSpace(stdout.String())
+ stderrString := strings.TrimSpace(stderr.String())
+
+ if _, ok := err.(*exec.ExitError); ok {
+ err = fmt.Errorf("Command error: %s", stderrString)
+ }
+
+ log.Printf("stdout: %s", stdoutString)
+ log.Printf("stderr: %s", stderrString)
+
+ return err
+}
diff --git a/builder/lxc/step_export.go b/builder/lxc/step_export.go
index f01b30074..ddfa85048 100644
--- a/builder/lxc/step_export.go
+++ b/builder/lxc/step_export.go
@@ -1,15 +1,11 @@
 package lxc
 import (
- "bytes"
 "context"
 "fmt"
 "io"
- "log"
 "os"
- "os/exec"
 "path/filepath"
- "strings"
 "github.com/hashicorp/packer/helper/multistep"
 "github.com/hashicorp/packer/packer"
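Review bot: In the new `RunCommand` (builder/lxc/command.go, hunk `@@ -13,3 +17,25 @@`), `args[0]` is indexed without a length check, so a call with no arguments panics instead of returning an error; since the function is exported, guard it with `if len(args) == 0 { return fmt.Errorf("RunCommand: no command given") }` before building the command. The `log.Printf("Executing args: %#v", args)` line also writes every argument to the log, and step_lxc_create.go now passes `config.EnvVars` through this path, so any secret placed in an environment variable would end up in the build log; consider logging only `args[0]` or redacting the values. An exported function should also carry a doc comment, e.g. `// RunCommand runs args[0] with the remaining arguments and returns the command's stderr as the error on a non-zero exit.`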
@@ -47,7 +43,7 @@ func (s *stepExport) Run(_ context.Context, state multistep.StateBag) multistep.
 _, err = io.Copy(configFile, originalConfigFile)
- commands := make([][]string, 4)
+ commands := make([][]string, 3)
 commands[0] = []string{
 "lxc-stop", "--name", name,
 }
@@ -57,13 +53,10 @@ func (s *stepExport) Run(_ context.Context, state multistep.StateBag) multistep.
 commands[2] = []string{
 "chmod", "+x", configFilePath,
 }
- commands[3] = []string{
- "sh", "-c", "chown $USER:`id -gn` " + filepath.Join(config.OutputDir, "*"),
- }
 ui.Say("Exporting container...")
 for _, command := range commands {
- err := s.SudoCommand(command...)
+ err := RunCommand(command...)
 if err != nil {
 err := fmt.Errorf("Error exporting container: %s", err)
 state.Put("error", err)
@@ -76,25 +69,3 @@ func (s *stepExport) Run(_ context.Context, state multistep.StateBag) multistep.
 }
 func (s *stepExport) Cleanup(state multistep.StateBag) {}
-
-func (s *stepExport) SudoCommand(args ...string) error {
- var stdout, stderr bytes.Buffer
-
- log.Printf("Executing sudo command: %#v", args)
- cmd := exec.Command("sudo", args...)
- cmd.Stdout = &stdout
- cmd.Stderr = &stderr
- err := cmd.Run()
-
- stdoutString := strings.TrimSpace(stdout.String())
- stderrString := strings.TrimSpace(stderr.String())
-
- if _, ok := err.(*exec.ExitError); ok {
- err = fmt.Errorf("Sudo command error: %s", stderrString)
- }
-
- log.Printf("stdout: %s", stdoutString)
- log.Printf("stderr: %s", stderrString)
-
- return err
-}
diff --git a/builder/lxc/step_lxc_create.go b/builder/lxc/step_lxc_create.go
index 98dce3a7c..0c89ce190 100644
--- a/builder/lxc/step_lxc_create.go
+++ b/builder/lxc/step_lxc_create.go
@@ -1,13 +1,9 @@
 package lxc
 import (
- "bytes"
 "context"
 "fmt"
- "log"
- "os/exec"
 "path/filepath"
- "strings"
 "github.com/hashicorp/packer/helper/multistep"
 "github.com/hashicorp/packer/packer"
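Review bot: In the `@@ -57,13 +53,10 @@` hunk of step_export.go, nothing in the new code records why the `chown` step is gone or that the remaining commands now run with the privileges of the Packer process instead of going through sudo. A short comment before the loop would keep the shell-expanded chown from being reintroduced later, for example `// Deliberately no chown and no sudo: every command runs as the user who started Packer.` If `lxc-stop` needs root (likely, but not visible here), the builder documentation should state that Packer itself must be started with sufficient privileges. The body of `Run` starts and ends outside this hunk.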
@@ -30,7 +26,9 @@ func (s *stepLxcCreate) Run(_ context.Context, state multistep.StateBag) multist
 }
 commands := make([][]string, 3)
- commands[0] = append(config.EnvVars, "lxc-create")
+ commands[0] = append(commands[0], "env")
+ commands[0] = append(commands[0], config.EnvVars...)
+ commands[0] = append(commands[0], "lxc-create")
 commands[0] = append(commands[0], config.CreateOptions...)
 commands[0] = append(commands[0], []string{"-n", name, "-t", config.Name, "--"}...)
 commands[0] = append(commands[0], config.Parameters...)
@@ -42,8 +40,7 @@ func (s *stepLxcCreate) Run(_ context.Context, state multistep.StateBag) multist
 ui.Say("Creating container...")
 for _, command := range commands {
- log.Printf("Executing sudo command: %#v", command)
- err := s.SudoCommand(command...)
+ err := RunCommand(command...)
 if err != nil {
 err := fmt.Errorf("Error creating container: %s", err)
 state.Put("error", err)
@@ -66,29 +63,7 @@ func (s *stepLxcCreate) Cleanup(state multistep.StateBag) {
 }
 ui.Say("Unregistering and deleting virtual machine...")
- if err := s.SudoCommand(command...); err != nil {
+ if err := RunCommand(command...); err != nil {
 ui.Error(fmt.Sprintf("Error deleting virtual machine: %s", err))
 }
 }
-
-func (s *stepLxcCreate) SudoCommand(args ...string) error {
- var stdout, stderr bytes.Buffer
-
- log.Printf("Executing sudo command: %#v", args)
- cmd := exec.Command("sudo", args...)
- cmd.Stdout = &stdout
- cmd.Stderr = &stderr
- err := cmd.Run()
-
- stdoutString := strings.TrimSpace(stdout.String())
- stderrString := strings.TrimSpace(stderr.String())
-
- if _, ok := err.(*exec.ExitError); ok {
- err = fmt.Errorf("Sudo command error: %s", stderrString)
- }
-
- log.Printf("stdout: %s", stdoutString)
- log.Printf("stderr: %s", stderrString)
-
- return err
-}
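Review bot: In the `@@ -30,7 +26,9 @@` hunk, the entries of `config.EnvVars` are handed to `env` as plain arguments with no check that each one has the form `NAME=value`. `env` takes the first argument without an `=` as the program to run and treats arguments beginning with `-` as its own options, so a malformed entry changes what gets executed instead of failing cleanly before `lxc-create` is reached. Reject such entries before building `commands[0]` (or in the config's prepare step, which is not visible here), e.g. `if strings.HasPrefix(v, "-") || !strings.Contains(v, "=") { /* put the error in state and halt */ }` for each `v`; note that this needs the `strings` import the commit removes from this file. The body of `Run` starts and ends outside this hunk.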