[[chef-dev]] Re: [[chef-dev]] Re: [[chef-dev]] Re: [[chef-dev]] CHEF-2224


Chronological Thread 
  • From: Daniel DeLeo < >
  • To: Joshua Timberman < >
  • Cc:
  • Subject: [[chef-dev]] Re: [[chef-dev]] Re: [[chef-dev]] Re: [[chef-dev]] CHEF-2224
  • Date: Mon, 18 Apr 2011 09:36:58 -0700

On Thursday, April 14, 2011 at 10:17 PM, Joshua Timberman wrote:

On Thu, Apr 14, 2011 at 10:49 PM, Tollef Fog Heen < "> > wrote:
| exception...ie /tmp/chef-failure.dump.

Please don't make it a static name in a publically writeable directory,
that's really bad from a security point of view.

It should probably be dropped off in Chef::Config[:file_cache_path]
with the PID attached, no? E.g., with the default file_cache_path:

/var/chef/cache/chef-failure-2732.json

Where 2732 is the PID that ran chef-client, and an informational
message printed.

The design decision was to only keep one at a time to avoid wasting disk space. I think adding the PID would be the least attractive compromise, you would only keep one stacktrace if daemonized, but you would have one for each run when using cron (and no convenient way to know which ones were relevant). If there's a consensus that having past error logs available is more important than saving disk, I'd prefer to add a YYYY-MM-DD-HH-MM timestamp.

As for the security issue, I changed the stacktrace and attribute dumpers to use file_cache_path.

--
Opscode, Inc
Joshua Timberman, Technical Evangelist
IRC, Skype, Twitter, Github: jtimberman



-- 
Dan DeLeo




Archive powered by MHonArc 2.6.16.

§