Don't create world-readable module and tempfiles without explicit user permission

Toshio Kuratomi 2016-03-21 14:17:53 -07:00
commit 52e9209491
14 changed files with 217 additions and 78 deletions


@ -98,8 +98,9 @@ class ActionModule(ActionBase):
return result
cleanup_remote_tmp = False
remote_user = task_vars.get('ansible_ssh_user') or self._play_context.remote_user
if not tmp:
tmp = self._make_tmp_path()
tmp = self._make_tmp_path(remote_user)
cleanup_remote_tmp = True
if boolean(remote_src):
@ -146,16 +147,15 @@ class ActionModule(ActionBase):
)
if path_checksum != dest_stat['checksum']:
resultant = file(path).read()
if self._play_context.diff:
diff = self._get_diff_data(dest, path, task_vars)
xfered = self._transfer_data('src', resultant)
remote_path = self._connection._shell.join_path(tmp, 'src')
xfered = self._transfer_file(path, remote_path)
# fix file permissions when the copy is done as a different user
if self._play_context.become and self._play_context.become_user != 'root':
self._remote_chmod('a+r', xfered)
self._fixup_perms(tmp, remote_user, recursive=True)
new_module_args.update( dict( src=xfered,))
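Review bot: The comment `# fix file permissions when the copy is done as a different user` above `self._fixup_perms(tmp, remote_user, recursive=True)` no longer matches the code: the `become` / `become_user != 'root'` guard is gone, so the call now runs on every transfer and recurses over the whole `tmp` directory instead of touching only `xfered`. Because the first hunk creates `tmp` only when the caller did not pass one, the recursion can also cover a directory this action did not create; that is presumably intended, but it should be stated. I would replace the comment with something like `# let the become user read tmp and its contents; _fixup_perms chooses the mechanism and must not silently fall back to world-readable`. Its result is not checked here, so it is worth confirming that `_fixup_perms` (defined outside this section) raises when it cannot adjust permissions safely rather than returning quietly. The enclosing method starts and ends outside both hunks.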