From 0a85e91329d4c048e7e4b2cd478f2c17a3dac988 Mon Sep 17 00:00:00 2001
From: Brian Coca <bcoca@users.noreply.github.com>
Date: Mon, 13 Apr 2020 17:16:29 -0400
Subject: [PATCH 1/4] avoid mkdir -p (#68921)

* also consolidated temp dir name generation, added pid for more 'uniqueness'
* generalize error message
* added notes about remote expansion

CVE-2020-1733
fixes #67791

(cherry picked from commit 8077d8e40148fe77e2393caa5f2b2ea855149d63)
---
 changelogs/fragments/remote_mkdir_fix.yml |  2 ++
 lib/ansible/plugins/action/__init__.py    | 11 ++++++++---
 lib/ansible/plugins/shell/__init__.py     | 14 ++++++++++----
 lib/ansible/plugins/shell/powershell.py   |  2 ++
 4 files changed, 22 insertions(+), 7 deletions(-)
 create mode 100644 changelogs/fragments/remote_mkdir_fix.yml

--- /dev/null
+++ b/changelogs/fragments/remote_mkdir_fix.yml
@@ -0,0 +1,2 @@
+bugfixes:
+    - Ensure we get an error when creating a remote tmp if it already exists. CVE-2020-1733
--- a/lib/ansible/plugins/action/__init__.py
+++ b/lib/ansible/plugins/action/__init__.py
@@ -340,7 +340,11 @@ class ActionBase(with_metaclass(ABCMeta,
         else:
             # NOTE: shell plugins should populate this setting anyways, but they dont do remote expansion, which
             # we need for 'non posix' systems like cloud-init and solaris
-            tmpdir = self._remote_expand_user(self.get_shell_option('remote_tmp', default='~/.ansible/tmp'), sudoable=False)
+            try:
+                tmpdir = self._connection._shell.get_option('remote_tmp')
+            except AnsibleError:
+                tmpdir = '~/.ansible/tmp'
+            tmpdir = self._remote_expand_user(tmpdir, sudoable=False)
 
         become_unprivileged = self._is_become_unprivileged()
         basefile = self._connection._shell._generate_temp_dir_name()
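Review bot: The `except AnsibleError` branch around `get_option('remote_tmp')` falls back to `'~/.ansible/tmp'` without leaving any trace, so a shell plugin that does not provide the option silently changes where the remote temp directory is created, which is the path this CVE fix is concerned with. A comment on the branch would make the intent explicit, for example `# shell plugin did not define remote_tmp; use the same default the old get_shell_option() call carried`, and a debug-level message naming the chosen path would help when auditing a run. The literal now lives only in this handler, so it is worth checking that it still matches the option's declared default. Separately, the `basefile` name on the last context line comes from `_generate_temp_dir_name()`, which the next file section shows is built from the time, the pid and `random.randint`; a local user can partly predict it, so the protection presumably has to come from the creation step failing on an existing directory, which is not visible in these hunks. The enclosing method starts and ends outside the hunk.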
--- a/lib/ansible/plugins/shell/__init__.py
+++ b/lib/ansible/plugins/shell/__init__.py
@@ -79,6 +79,10 @@ class ShellBase(AnsiblePlugin):
     def _generate_temp_dir_name():
         return 'ansible-tmp-%s-%s-%s' % (time.time(), os.getpid(), random.randint(0, 2**48))
 
+    @staticmethod
+    def _generate_temp_dir_name():
+        return 'ansible-tmp-%s-%s-%s' % (time.time(), os.getpid(), random.randint(0, 2**48))
+
     def env_prefix(self, **kwargs):
         return ' '.join(['%s=%s' % (k, shlex_quote(text_type(v))) for k, v in kwargs.items()])