oss-sec mailing list archives

ioflo tmp vuln


From: Kurt Seifried <kseifried () redhat com>
Date: Tue, 09 Sep 2014 00:09:58 -0600

Easier one:

https://pypi.python.org/pypi/ioflo
ioflo-0.9.39/ioflo/app/run.py:

    p.add_argument('-S', '--statistics',
            action='store',
            nargs='?',
            const=True,
            default=False,
            help=("Profile and compute performance statistics. "
            "Put statistics into file path given by optional argument. "
            "Default statistics file path is /tmp/ioflo/profile/NAME. "))

Then later we have:

        else:
            import cProfile
            import pstats
            if isinstance(statistics, bool):  # use default
                statistics = os.path.join('/tmp', 'ioflo', 'profiles', 'name')
#
# Which is "/tmp/ioflo/profiles/name"
#
            try:
                statfilepath = os.path.abspath(os.path.expanduser(statistics))
                if not os.path.exists(statfilepath):
                    os.makedirs(os.path.dirname(statfilepath))
            except OSError as ex:
                console.terse("Error: creating server profile statistics file"
                              " '{0}'\n{1}'\n".format(statfilepath, ex))
                raise

            cProfile.runctx('skedder.run()', globals(), locals(), statfilepath)
            p = pstats.Stats(statfilepath)
            p.sort_stats('time').print_stats()
            p.print_callers()
            p.print_callees()

And boom goes the file that got linked to.

-- 
Kurt Seifried -- Red Hat -- Product Security -- Cloud
PGP A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
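
One way to write the profile output without trusting a fixed path under /tmp, as an added example (not part of the original post and not ioflo's code): the stats go into a fresh owner-only directory and the file is created exclusively, so an existing symlink is refused rather than followed. The function names, the directory prefix and the sample files are assumptions made for the illustration.

```python
import cProfile
import marshal
import os
import tempfile


def open_stats_file(path):
    """Create path for writing; fail if anything, symlink included, is already there."""
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_NOFOLLOW", 0)
    return os.fdopen(os.open(path, flags, 0o600), "wb")


def profile_to_private_file(func, name="profile"):
    """Profile func() and write the stats into a fresh, owner-only directory."""
    # mkdtemp picks an unpredictable name and creates the directory with mode 0700,
    # so no other local user can pre-create or replace entries under it.
    workdir = tempfile.mkdtemp(prefix="ioflo-profile-")
    statfilepath = os.path.join(workdir, name)
    prof = cProfile.Profile()
    prof.runcall(func)
    prof.create_stats()
    with open_stats_file(statfilepath) as f:
        marshal.dump(prof.stats, f)  # same format Profile.dump_stats() writes
    return statfilepath


def demo_symlink_refused():
    """Constructed case: the stats path already exists as a symlink to another file."""
    with tempfile.TemporaryDirectory() as d:
        target = os.path.join(d, "important.txt")
        with open(target, "w") as f:
            f.write("keep me")
        link = os.path.join(d, "name")
        os.symlink(target, link)
        try:
            open_stats_file(link).close()
            refused = False
        except OSError:
            refused = True
        with open(target) as f:
            return refused, f.read()


if __name__ == "__main__":
    print(demo_symlink_refused())
    print(profile_to_private_file(lambda: sum(range(1000))))
```

The exclusive create only guards the final path component, which is why the parent directory is also made private instead of reusing a shared /tmp/ioflo tree.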
