Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Remove the params module option from ldap_attr and ldap_entry #113

Merged
merged 3 commits into from Apr 6, 2020
Merged

Remove the params module option from ldap_attr and ldap_entry #113

merged 3 commits into from Apr 6, 2020

Conversation

s-hertel
Copy link
Contributor

@s-hertel s-hertel commented Apr 3, 2020

Fix for CVE-2020-1746

Module options that circumvent Ansible's option handling were disallowed
in:
https://meetbot.fedoraproject.org/ansible-meeting/2017-09-28/ansible_dev_meeting.2017-09-28-15.00.log.html

Additionally, this particular usage can be insecure if bind_pw is set
this way as the password could end up in a logfile or displayed on
stdout.

Initially opened as ansible/ansible#67866.

@abadger @s-hertel
Remove the params module option from ldap_attr and ldap_entry
9cc338b 
Module options that circumvent Ansible's option handling were disallowed
in:
https://meetbot.fedoraproject.org/ansible-meeting/2017-09-28/ansible_dev_meeting.2017-09-28-15.00.log.html

Additionally, this particular usage can be insecure if bind_pw is set
this way as the password could end up in a logfile or displayed on
stdout.

Fixes CVE-2020-1746
felixfontein
felixfontein reviewed Apr 6, 2020
View reviewed changes
Copy link
Collaborator

@felixfontein felixfontein left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good, just a few docs nits :)

plugins/modules/net_tools/ldap/ldap_attr.py Outdated Show resolved Hide resolved
plugins/modules/net_tools/ldap/ldap_attr.py Outdated Show resolved Hide resolved
plugins/modules/net_tools/ldap/ldap_entry.py Outdated Show resolved Hide resolved
plugins/modules/net_tools/ldap/ldap_entry.py Outdated Show resolved Hide resolved
@s-hertel @felixfontein
Apply suggestions from code review
0e79127 
Co-Authored-By: Felix Fontein <felix@fontein.de>
felixfontein
felixfontein approved these changes Apr 6, 2020
View reviewed changes
Copy link
Collaborator

@felixfontein felixfontein left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@felixfontein felixfontein merged commit 11ef03e into ansible-collections:master Apr 6, 2020
@felixfontein
Copy link
Collaborator

@s-hertel @abadger thanks for fixing this!

This was referenced Apr 6, 2020
Merged
Merged
Merged
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@felixfontein felixfontein felixfontein approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@s-hertel @felixfontein @abadger