Prevent roles from using symlinks to overwrite files outside of the installation directory #81780

Merged
merged 3 commits into from Sep 26, 2023

@sivel sivel commented Sep 26, 2023

SUMMARY

Prevent roles from using symlinks to overwrite files outside of the installation directory

CVE-2023-5115

ISSUE TYPE
  • Bugfix Pull Request
ADDITIONAL INFORMATION

@ansibot ansibot added bug This issue/PR relates to a bug. needs_triage Needs a first human triage before being processed. labels Sep 26, 2023
@bcoca bcoca removed the needs_triage Needs a first human triage before being processed. label Sep 26, 2023
@sivel sivel requested a review from mattclay September 26, 2023 15:27
@sivel sivel merged commit ddf0311 into ansible:devel Sep 26, 2023
78 checks passed
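
An added example (not code from this pull request or from Ansible) of the kind of check the summary describes: before a role archive is extracted, flag link members whose target would resolve outside the installation directory. The function names, the install path and the in-memory archive are constructed for illustration; the check is lexical and assumes POSIX paths.

```python
import io
import os
import tarfile


def link_escapes(member, dest):
    """True if a symlink/hardlink member's target resolves outside dest."""
    if not (member.issym() or member.islnk()):
        return False
    dest = os.path.realpath(dest)
    if member.issym():
        # Symlink targets are relative to the directory holding the link.
        base = os.path.dirname(os.path.join(dest, member.name))
    else:
        # Hard link targets are relative to the archive root.
        base = dest
    # An absolute linkname replaces base entirely in os.path.join.
    # normpath is lexical only: it does not follow links already on disk.
    target = os.path.normpath(os.path.join(base, member.linkname))
    return os.path.commonpath([dest, target]) != dest


def audit(archive_bytes, dest):
    """Return names of link members that would point outside dest."""
    with tarfile.open(fileobj=io.BytesIO(archive_bytes)) as tar:
        return [m.name for m in tar.getmembers() if link_escapes(m, dest)]


def build_sample():
    """Constructed sample archive: two contained links, two escaping ones."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, target in [
            ("role/tasks/latest", "main.yml"),          # stays inside
            ("role/tasks/top", "../../README.md"),      # uses "..", still inside
            ("role/tasks/up", "../../../outside.txt"),  # climbs out of dest
            ("role/files/abs", "/tmp/outside.txt"),     # absolute target
        ]:
            info = tarfile.TarInfo(name)
            info.type = tarfile.SYMTYPE
            info.linkname = target
            tar.addfile(info)
    return buf.getvalue()


if __name__ == "__main__":
    # Hypothetical install directory, used only for path arithmetic.
    print(audit(build_sample(), "/opt/roles/demo"))
```

The `role/tasks/top` entry shows why matching on `..` alone is not enough: the decision has to be made on the resolved target relative to the installation directory.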
sivel added a commit to sivel/ansible that referenced this pull request Sep 26, 2023
…tside of the installation directory (ansible#81780)

* Sanitize linkname during role installs

* Add tests

* add clog frag
(cherry picked from commit ddf0311)

Co-authored-by: Matt Martz <matt@sivel.net>
sivel added a commit to sivel/ansible that referenced this pull request Sep 26, 2023
…tside of the installation directory (ansible#81780)

* Sanitize linkname during role installs

* Add tests

* add clog frag.
(cherry picked from commit ddf0311)

Co-authored-by: Matt Martz <matt@sivel.net>
sivel added a commit that referenced this pull request Sep 27, 2023
…tside of the installation directory (#81780) (#81787)

* [stable-2.13] Prevent roles from using symlinks to overwrite files outside of the installation directory (#81780)

* Sanitize linkname during role installs

* Add tests

* add clog frag.
(cherry picked from commit ddf0311)

Co-authored-by: Matt Martz <matt@sivel.net>

* Update syntax for py3.8
sivel added a commit that referenced this pull request Sep 27, 2023
…tside of the installation directory (#81780) (#81786)

* Sanitize linkname during role installs

* Add tests

* add clog frag.
(cherry picked from commit ddf0311)
sivel added a commit that referenced this pull request Sep 27, 2023
…tside of the installation directory (#81780) (#81785)

* Sanitize linkname during role installs

* Add tests

* add clog frag.
(cherry picked from commit ddf0311)
sivel added a commit that referenced this pull request Sep 27, 2023
…tside of the installation directory (#81780) (#81783)

* Sanitize linkname during role installs

* Add tests

* add clog frag
(cherry picked from commit ddf0311)
@ansible ansible locked and limited conversation to collaborators Dec 14, 2023