Document security concern for users setting the system_tmpdirs shell … #72213

Merged
merged 1 commit into from
Oct 19, 2020

@abadger abadger commented Oct 13, 2020

…plugin config

system_tmpdirs is only meant for systems which officially store their
temporary files in someplace other than /tmp or /var/tmp. Those
types of directories should have been pre-created by the system
administrator (usually by the operating system's setup). There is a
security risk if the user puts a directory that has not been pre-created
into this list so be sure to document not to do that.

ISSUE TYPE
  • Docs Pull Request
COMPONENT NAME
ADDITIONAL INFORMATION

/cc @jborean93 @samdoran for technical review

This should likely get backported as well, as setting this to a directory which the sysadmin has not created will open the security issue in all supported versions.
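
One way an administrator could check candidate directories on a managed host before listing them in system_tmpdirs, as an added example that is not part of this pull request or of Ansible's code. The ownership and sticky-bit rules are assumptions about what "pre-created by the system administrator" should look like, and `audit_tmpdir`, `audit_system_tmpdirs` and `trusted_uids` are hypothetical names.

```python
import os
import stat


def audit_tmpdir(path, trusted_uids=(0,)):
    """Return the reasons `path` is unsafe to list in system_tmpdirs ([] if none)."""
    try:
        link = os.lstat(path)    # the entry itself, without following symlinks
        target = os.stat(path)   # what the entry resolves to
    except FileNotFoundError:
        # The case the PR warns about: nobody pre-created the directory.
        return ["does not exist: not pre-created, so the first local user "
                "to create it controls it"]
    except OSError as exc:
        return [f"cannot be inspected: {exc.strerror}"]

    problems = []
    if stat.S_ISLNK(link.st_mode) and link.st_uid not in trusted_uids:
        problems.append(f"symlink owned by untrusted uid {link.st_uid}")
    if not stat.S_ISDIR(target.st_mode):
        return problems + ["not a directory"]
    # Assumption: "pre-created by the system administrator" means the
    # directory is owned by one of trusted_uids (root by default).
    if target.st_uid not in trusted_uids:
        problems.append(f"owned by uid {target.st_uid}, not by an administrator")
    # Assumption: a shared temporary directory that is world-writable needs
    # the sticky bit so users cannot remove or rename each other's entries.
    mode = stat.S_IMODE(target.st_mode)
    if mode & stat.S_IWOTH and not mode & stat.S_ISVTX:
        problems.append("world-writable without the sticky bit")
    return problems


def audit_system_tmpdirs(paths, trusted_uids=(0,)):
    """Audit every candidate entry; maps each path to its list of problems."""
    return {p: audit_tmpdir(p, trusted_uids) for p in paths}


if __name__ == "__main__":
    # /tmp and /var/tmp are the two locations named in the PR description.
    for path, problems in audit_system_tmpdirs(["/var/tmp", "/tmp"]).items():
        print(path, "OK" if not problems else "; ".join(problems))
```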

@ansibot ansibot added affects_2.11 community_review In order to be merged, this PR must follow the community review workflow. docs This issue/PR relates to or includes documentation. needs_triage Needs a first human triage before being processed. support:community This issue/PR relates to code supported by the Ansible community. labels Oct 13, 2020

abadger commented Oct 13, 2020

/cc @samccann @acozine to make sure the option's documentation is clear

@Akasurde Akasurde left a comment

LGTM

@ansibot ansibot added shipit This PR is ready to be merged by Core and removed community_review In order to be merged, this PR must follow the community review workflow. labels Oct 16, 2020
@samccann samccann removed the needs_triage Needs a first human triage before being processed. label Oct 19, 2020
@samccann samccann merged commit 618d1a3 into ansible:devel Oct 19, 2020
@abadger abadger deleted the system-tmpdirs-security-issues branch October 21, 2020 15:10
@ansible ansible locked and limited conversation to collaborators Nov 16, 2020