Merge pull request #499 from lzap/secret_token

lzap · lzap · commit 7c256fef9d75 · 2012-08-22T04:20:32.000-07:00
850745 - secret_token is not generated properly (CVE-2012-3503)
diff --git a/src/config/initializers/secret_token.rb b/src/config/initializers/secret_token.rb
@@ -1,7 +1,14 @@
-# Be sure to restart your server when you modify this file.
+require 'active_support/secure_random'
 
-# Your secret key for verifying the integrity of signed cookies.
-# If you change this key, all old signed cookies will become invalid!
-# Make sure the secret is at least 30 characters and all random,
-# no regular words or you'll be exposed to dictionary attacks.
-Src::Application.config.secret_token = 'f466b184ef680822293d7130f57593a7087a34b5de0607c64d1ceb66fcac4dce6810a6f176feba3fbbf2489de93c0918397c0c275996eb476b2fa6079ab849c1'
+begin
+  # Read token string from the file.
+  token = IO.read('/etc/katello/secret_token')
+  raise RuntimeError, 'Size is too small' if token.length < 9
+  Src::Application.config.secret_token = token.chomp
+rescue Exception => e
+  # If anything is wrong make sure the token is random. This is safe even when
+  # Katello is not configured correctly for any reason (but session is lost
+  # after each restart).
+  Rails.logger.warn "Using randomly generated secure token: #{e.message}"
+  Src::Application.config.secret_token = ActiveSupport::SecureRandom.hex(80)
+end
diff --git a/src/katello.spec b/src/katello.spec
@@ -364,19 +364,20 @@ install -m 644 man/katello-service.8 %{buildroot}/%{_mandir}/man8
 /sbin/chkconfig --add %{name}
 /sbin/chkconfig --add %{name}-jobs
 
-%postun common
-#update config/initializers/secret_token.rb with new key
-NEWKEY=$(</dev/urandom tr -dc A-Za-z0-9 | head -c128)
-sed -i "s/^Src::Application.config.secret_token = '.*'/Src::Application.config.secret_token = '$NEWKEY'/" \
-    %{homedir}/config/initializers/secret_token.rb
+#Generate secret token if the file does not exist
+#(this must be called both for installation and upgrade)
+TOKEN=/etc/katello/secret_token
+test -f $TOKEN || (echo $(</dev/urandom tr -dc A-Za-z0-9 | head -c128) > $TOKEN \
+    && chmod 600 $TOKEN && chown katello:katello $TOKEN)
 
 %posttrans common
-rm %{datadir}/Gemfile.lock
+rm -f %{datadir}/Gemfile.lock 2>/dev/null
 /sbin/service %{name} condrestart >/dev/null 2>&1 || :
 
 %files
 %attr(600, katello, katello)
 %{_bindir}/katello-*
+%ghost %attr(600, katello, katello) %{_sysconfdir}/%{name}/secret_token
 %{homedir}/app/controllers
 %{homedir}/app/helpers
 %{homedir}/app/mailers
