Join GitHub today
GitHub is home to over 36 million developers working together to host and review code, manage projects, and build software together.Sign up
do not use a predictable filenames in the LXC plugin #1941
The attach script of the LXC module currently uses predictable names, allowing symlink attacks.
Thanks @evgeni. To the current maintainers, @cloudnull please review according to guidelines (http://docs.ansible.com/ansible/developing_modules.html#module-checklist) and comment with text 'shipit' or 'needs_revision' as appropriate.
[This message brought to you by your friendly Ansibull-bot.]
@evgeni another path that could be fixed is archive_path. It currently defaults to /tmp/ so an attacker could make symlinks there. https://github.com/ansible/ansible-modules-extras/pull/1941/files#diff-cf760a9c318e06abfcf03558a58b2bc4R143 https://github.com/ansible/ansible-modules-extras/blob/devel/cloud/lxc/lxc_container.py#L1750
Since the purpose of archive is to create a backup of the container that the user can find later we probably can't make it into an unpredictable tempfile. I think the best thing for that is to remove the default for archive_path. then add a required_if to arg spec so that if archive is True, archive_path must be set by the user.
@evgeni Code here looks good. If you're around go ahead and squash your commits for easier cherry-picking and let me know.
I'm going to start working on the archive_path issue unless you tell me that you're already working on it (want to get these cherry-picked to stable-2.0 so that if we decide to do a 2.0.2rc3, it gets included) (Not sure if we'll do an rc3 yet... but I want to make sure the code is ready if we do.)