Rewrite linux/nfs_cleanup for security and multi-user, fixes #7938

Avoid using a temporary file, rather do the substitution in Ruby and write /etc/exports directly.
2016-10-28 11:27:41 -04:00 · 2016-10-28 11:27:41 -04:00 · 7e83edd643
parent 7e6ac38a37
commit 7e83edd643
1 changed files with 15 additions and 7 deletions
--- a/plugins/hosts/linux/cap/nfs.rb
+++ b/plugins/hosts/linux/cap/nfs.rb
@ -93,17 +93,25 @@ module VagrantPlugins
        def self.nfs_cleanup(id)
          return if !File.exist?("/etc/exports")

-          user = Regexp.escape(Process.uid.to_s)
-          id   = Regexp.escape(id.to_s)
-
          # Only use "sudo" if we can't write to /etc/exports directly
          sudo_command = ""
          sudo_command = "sudo " if !File.writable?("/etc/exports")

-          # Use sed to just strip out the block of code which was inserted
-          # by Vagrant
-          tmp = ENV["TMPDIR"] || ENV["TMP"] || "/tmp"
-          system("cp /etc/exports '#{tmp}' && #{sudo_command}sed -r -e '\\\x01^# VAGRANT-BEGIN:( #{user})? #{id}\x01,\\\x01^# VAGRANT-END:( #{user})? #{id}\x01 d' -ibak '#{tmp}/exports' ; #{sudo_command}cp '#{tmp}/exports' /etc/exports")
+          # Strip out the block of code which was inserted by Vagrant
+          user = Regexp.escape(Process.uid.to_s)
+          id = Regexp.escape(id.to_s)
+          exports_in = File.read('/etc/exports')
+          exports_out = exports_in.gsub(%r{
+            ^\#\ VAGRANT-BEGIN:((?:\ #{user})?\ #{id})$
+            .*?
+            ^\#\ VAGRANT-END:\1$
+            \n?
+          }mx, '')
+          if exports_out != exports_in
+            open(%Q[|#{sudo_command}tee /etc/exports >/dev/null], 'w+') do |p|
+              p.write(exports_out)
+            end
+          end
        end

        def self.nfs_opts_setup(folders)