Insecure creation of temporary directory for become_user #67791
Comments
Files identified in the description:
If these files are inaccurate, please update the
@samdoran Please review this change. This is my first PR, so please pardon me if you find any mistakes.
I would say we need to check 'after', since any check 'before' would be subject to race conditions.
* also consolidated temp dir name generation, added pid for more 'uniqueness'
* generalize error message
* added notes about remote expansion

CVE-2020-1733
fixes ansible#67791
* avoid mkdir -p (#68921)
* also consolidated temp dir name generation, added pid for more 'uniqueness'
* generalize error message
* added notes about remote expansion

CVE-2020-1733
fixes #67791
(cherry picked from commit 8077d8e)

* C
* Update lib/ansible/plugins/shell/__init__.py
Co-Authored-By: Abhijeet Kasurde <akasurde@redhat.com>
* adjusted for missing api
Co-authored-by: Abhijeet Kasurde <akasurde@redhat.com>
SUMMARY
CVE-2020-1733
We create a temporary directory for the `become_user` with `umask 077` in `/var/tmp` without first checking if the directory exists and that it has the expected permissions.

Relevant code:
ansible/lib/ansible/plugins/shell/__init__.py
Lines 159 to 163 in 79dfae9
We need to validate the parent directories are as expected before creating directories in those paths and fail if the permissions and/or ACLs are not what we expect.
COMPONENT NAME
lib/ansible/plugins/shell/__init__.py
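An added illustration of the "check after, not before" approach discussed in this issue; this is example code written for this page, not Ansible's own implementation, and the function names, the parent-directory rule (our own private directory or a sticky shared tmp dir like /var/tmp) and the constructed scenario in `run_demo` are assumptions:

```python
import os
import stat
import tempfile
def insecure_tmpdir(path):
    # 'mkdir -p' semantics: silently adopt whatever already exists at this name
    os.makedirs(path, mode=0o700, exist_ok=True)
    return path
def verify_parent(parent):
    # Our own private directory, or a sticky shared tmp dir such as /var/tmp.
    st = os.stat(parent)
    if not stat.S_ISDIR(st.st_mode):
        raise OSError("%s is not a directory" % parent)
    ours = st.st_uid == os.geteuid() and not stat.S_IMODE(st.st_mode) & 0o022
    if not (ours or st.st_mode & stat.S_ISVTX):
        raise OSError("%s is writable by others and not sticky" % parent)
def verify_private_dir(path):
    # Checked AFTER creation; a check before mkdir would be a TOCTOU race.
    st = os.lstat(path)  # lstat: never follow a symlink planted at this name
    if stat.S_ISLNK(st.st_mode) or not stat.S_ISDIR(st.st_mode):
        raise OSError("%s is not a real directory" % path)
    if st.st_uid != os.geteuid():
        raise OSError("%s is owned by uid %d, not us" % (path, st.st_uid))
    if stat.S_IMODE(st.st_mode) & 0o077:
        raise OSError("%s is readable or writable by group/other" % path)
def secure_tmpdir(path):
    verify_parent(os.path.dirname(path))
    old_umask = os.umask(0o077)
    try:
        os.mkdir(path, 0o700)  # no '-p': EEXIST if a dir or symlink is already there
    finally:
        os.umask(old_umask)
    verify_private_dir(path)
    return path
def run_demo():
    # Constructed scenario: a fresh name and a world-writable dir planted beforehand.
    base = tempfile.mkdtemp()  # private 0700 parent, like a user's home
    fresh = os.path.join(base, "ansible-tmp-fresh")
    planted = os.path.join(base, "ansible-tmp-planted")
    os.mkdir(planted)
    os.chmod(planted, 0o777)
    try:
        secure_tmpdir(planted)
        rejected = False
    except OSError:
        rejected = True
    return {"fresh_mode": stat.S_IMODE(os.lstat(secure_tmpdir(fresh)).st_mode),
            "insecure_adopts_planted": insecure_tmpdir(planted) == planted,
            "secure_rejects_planted": rejected}
```

POSIX ACLs, which the issue also asks to validate, are not inspected by these mode-bit checks.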