Insecure creation of temporary directory for become_user #67791

Closed
@samdoran

Description

SUMMARY

CVE-2020-1733

We create a temporary directory for the become_user with umask 077 in /var/tmp without first checking if the directory exists and that it has the expected permissions.

Relevant code

    if mode:
        tmp_umask = 0o777 & ~mode
        cmd = '%s umask %o %s %s %s' % (self._SHELL_GROUP_LEFT, tmp_umask, self._SHELL_AND, cmd, self._SHELL_GROUP_RIGHT)
    return cmd

We need to validate the parent directories are as expected before creating directories in those paths and fail if the permissions and/or ACLs are not what we expect.

ISSUE TYPE
  • Bug Report
COMPONENT NAME

lib/ansible/plugins/shell/__init__.py

ANSIBLE VERSION
2.10
CONFIGURATION
default
OS / ENVIRONMENT
STEPS TO REPRODUCE
EXPECTED RESULTS
ACTUAL RESULTS
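The two checks the report asks for (validate the parent directory before creating anything in it, and fail closed if the result is not what was expected) can be demonstrated with a small defensive helper. The code below is an added example written for this page; it is not code from the issue, from the linked PR, or from Ansible itself. The function names `validate_parent`, `safe_mkdtemp` and `demo`, the `ansible-tmp-` prefix, and the policy that a group- or world-writable parent must carry the sticky bit are all assumptions of this example.

```python
import os
import stat
import tempfile


def validate_parent(base_dir, uid=None):
    """Check that base_dir is safe to create private directories in.

    Policy used by this example (an assumption, not Ansible's code): the parent
    must be a real directory (not a symlink), owned by root or by the calling
    user, and if it is group- or world-writable it must have the sticky bit set
    (as /tmp and /var/tmp normally do) so other users cannot rename or delete
    entries they do not own. Raises PermissionError on the first failed check.
    """
    uid = os.geteuid() if uid is None else uid
    st = os.lstat(base_dir)  # lstat: a symlink planted where the directory should be fails here
    if not stat.S_ISDIR(st.st_mode):
        raise PermissionError("%s is not a directory" % base_dir)
    if st.st_uid not in (0, uid):
        raise PermissionError("%s is owned by uid %d, expected root or %d" % (base_dir, st.st_uid, uid))
    writable_by_others = st.st_mode & (stat.S_IWGRP | stat.S_IWOTH)
    if writable_by_others and not st.st_mode & stat.S_ISVTX:
        raise PermissionError("%s is writable by others but has no sticky bit" % base_dir)
    return st


def safe_mkdtemp(base_dir, prefix="ansible-tmp-"):
    """Create a private (0700) temp directory under base_dir, checking before and after."""
    validate_parent(base_dir)
    old_umask = os.umask(0o077)  # belt and braces: mkdtemp already creates with mode 0700
    try:
        path = tempfile.mkdtemp(prefix=prefix, dir=base_dir)  # mkdir fails if the name already exists
    finally:
        os.umask(old_umask)
    st = os.lstat(path)
    # Post-creation check: a real directory, owned by us, with no group/other bits.
    if (not stat.S_ISDIR(st.st_mode) or st.st_uid != os.geteuid()
            or stat.S_IMODE(st.st_mode) & 0o077):
        os.rmdir(path)
        raise PermissionError("%s was not created with the expected owner/mode" % path)
    return path


def demo():
    """Exercise the checks in a constructed scratch directory; returns the outcomes."""
    scratch = tempfile.mkdtemp(prefix="scratch-")
    results = {}
    # A base that is world-writable without the sticky bit must be rejected.
    os.chmod(scratch, 0o777)
    try:
        safe_mkdtemp(scratch)
        results["no_sticky"] = "accepted"
    except PermissionError:
        results["no_sticky"] = "rejected"
    # With the sticky bit (like /var/tmp) creation is allowed and yields mode 0700.
    os.chmod(scratch, 0o1777)
    path = safe_mkdtemp(scratch)
    results["sticky_mode"] = stat.S_IMODE(os.lstat(path).st_mode)
    # A symlink standing where the base directory should be is rejected.
    link = os.path.join(scratch, "link")
    os.symlink(scratch, link)
    try:
        safe_mkdtemp(link)
        results["symlink"] = "accepted"
    except PermissionError:
        results["symlink"] = "rejected"
    return results


if __name__ == "__main__":
    print(demo())
```

`tempfile.mkdtemp` already creates the directory with mode 0700 and relies on `mkdir` failing when the name exists, so the value added here is the parent check (ownership, symlink, sticky bit) and the post-creation verification, which is what the report says the shell plugin was missing.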

Metadata

Assignees

No one assigned

Labels

  • affects_2.10: This issue/PR affects Ansible v2.10
  • bug: This issue/PR relates to a bug.
  • has_pr: This issue has an associated PR.
  • security: Related to a vulnerability or CVE
  • support:core: This issue/PR relates to code supported by the Ansible Engineering Team.
