From 7835a9325d329e2eac4fa5afa31ce4f4be7584ee Mon Sep 17 00:00:00 2001
From: Narayan Desai <desai@mcs.anl.gov>
Date: Fri, 18 Sep 2009 01:06:31 +0000
Subject: bcfg2-info: refuse to write build output outside of /tmp without -f
 flag (Resolves Ticket #737)

git-svn-id: https://svn.mcs.anl.gov/repos/bcfg/trunk/bcfg2@5439 ce84e21b-d406-0410-9b95-82705330c041
---
 src/sbin/bcfg2-info | 14 +++++++++++---
 1 file changed, 11 insertions(+), 3 deletions(-)

(limited to 'src/sbin/bcfg2-info')

diff --git a/src/sbin/bcfg2-info b/src/sbin/bcfg2-info
index 4b26d7890..31a5ff0f9 100755
--- a/src/sbin/bcfg2-info
+++ b/src/sbin/bcfg2-info
@@ -103,8 +103,16 @@ Usage: [quit|exit]"""
         
     def do_build(self, args):
         '''build client configuration'''
-        if len(args.split()) == 2:
-            client, ofile = args.split()
+        alist = args.split()
+        path_force = False
+        if '-f' in args:
+            alist.remove('-f')
+            path_force = True
+        if len(alist) == 2:
+            client, ofile = alist
+            if not ofile.startswith('/tmp') and not path_force:
+                print("Refusing to write files outside of /tmp without -f option")
+                return
             output = open(ofile, 'w')
             data = lxml.etree.tostring(self.BuildConfiguration(client),
                                        encoding='UTF-8', xml_declaration=True,
@@ -112,7 +120,7 @@ Usage: [quit|exit]"""
             output.write(data)
             output.close()
         else:
-            print('Usage: build <hostname> <output file>')
+            print('Usage: build [-f] <hostname> <output file>')
 
     def do_buildall(self, args):
         if len(args.split()) != 1:
-- 
cgit v1.2.3-1-g7c22