Secure tempfiles #742

Merged
merged 3 commits into from Jun 29, 2021

Commits on Jun 28, 2021

  1. When creating a private_data_dir in a world writable location, use mkdtemp()
    
    The previous code allowed for an easily exploitable race where the
    attacker could pre-create a known directory name to gain access to
    private files created by ansible-runner.  Using mkdtemp() closes that
    hole because mkdtemp() ensures that the directory name returned has
    been allocated with restrictive permissions by mkdtemp itself so the
    attacker has no opportunity to inject their own directory.
    
    Fixes ansible#738
    abadger committed Jun 28, 2021
  2. Close a race condition with temporary files

    The previous code allowed a race where an attacker could watch for
    the rapid creation and deletion of a temporary directory,
    substitute their own directory at that name, and then have access to
    ansible-runner's private_data_dir the next time ansible-runner made
    use of the private_data_dir.
    
    This code fixes the issue by creating the directory securely using
    mkdtemp() and not deleting it afterwards.
    abadger committed Jun 28, 2021
  3. Fix unittests for new private_data_dir handling

    * Most tests just need to be changed to account for a default private_data_dir
      which doesn't have a predictable name.
    * test_container_volmount_generation has several tests where mocking of
      os.path.exists for the _update_volume_mount_paths() function which was
      being tested interfered with proper creation of a BaseConfig()
      object.  Moved the mocking to occur after the BaseConfig()
      instantiation to make those work.
    abadger committed Jun 28, 2021
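
The difference the first two commit messages describe, shown as an added Python example that is not code from this pull request: a predictable directory name silently reuses whatever already exists there, while mkdtemp() returns a freshly created directory with restrictive permissions. The directory names, the helper functions and the throwaway base directory standing in for a world-writable location are assumptions made for the illustration.

```python
import os
import stat
import tempfile

PREDICTABLE_NAME = ".ansible-runner-example"  # constructed name, not the project's


def predictable_private_dir(base):
    """Racy pattern: a known name, and an existing directory is silently reused."""
    path = os.path.join(base, PREDICTABLE_NAME)
    os.makedirs(path, exist_ok=True)
    return path


def mkdtemp_private_dir(base):
    """mkdtemp() picks a random name and creates it atomically with mode 0700."""
    return tempfile.mkdtemp(prefix=".ansible-runner-", dir=base)


def audit_private_dir(path):
    """List the reasons a directory is unsafe to hold private files."""
    st = os.lstat(path)  # lstat: do not follow a planted symlink
    if not stat.S_ISDIR(st.st_mode):
        return ["not a real directory"]
    problems = []
    if st.st_uid != os.geteuid():
        problems.append("owned by another user")
    if stat.S_IMODE(st.st_mode) & 0o077:
        problems.append("accessible to group/other")
    return problems


def demo():
    # A throwaway directory stands in for a world-writable location such as /tmp.
    with tempfile.TemporaryDirectory() as base:
        # Constructed scenario: the known name already exists with open permissions.
        planted = os.path.join(base, PREDICTABLE_NAME)
        os.mkdir(planted)
        os.chmod(planted, 0o777)
        reused = predictable_private_dir(base)
        fresh = mkdtemp_private_dir(base)
        return {
            "reused_planted": reused == planted,
            "reused_problems": audit_private_dir(reused),
            "fresh_problems": audit_private_dir(fresh),
            "fresh_name_differs": os.path.basename(fresh) != PREDICTABLE_NAME,
        }


if __name__ == "__main__":
    print(demo())
```

Because the demo runs as a single user, only the permission check fires on the reused directory; on a shared host the ownership check in `audit_private_dir` is the one that catches a directory planted by someone else.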