Don't create world-readable module and tempfiles without explicit user permission

2025-04-25 11:51:26 -07:00 · 2016-03-21 14:17:53 -07:00 · 2016-03-21 14:17:53 -07:00 · 52e9209491
commit 52e9209491
parent 0cabef19ad
14 changed files with 217 additions and 78 deletions
--- a/lib/ansible/plugins/action/async.py
+++ b/lib/ansible/plugins/action/async.py
@ -38,8 +38,9 @@ class ActionModule(ActionBase):
            result['msg'] = 'check mode not supported for this module'
            return result

+        remote_user = task_vars.get('ansible_ssh_user') or self._play_context.remote_user
        if not tmp:
-            tmp = self._make_tmp_path()
+            tmp = self._make_tmp_path(remote_user)

        module_name = self._task.action
        async_module_path  = self._connection._shell.join_path(tmp, 'async_wrapper')
@ -54,15 +55,25 @@ class ActionModule(ActionBase):
        # configure, upload, and chmod the target module
        (module_style, shebang, module_data) = self._configure_module(module_name=module_name, module_args=module_args, task_vars=task_vars)
        self._transfer_data(remote_module_path, module_data)
-        self._remote_chmod('a+rx', remote_module_path)

        # configure, upload, and chmod the async_wrapper module
        (async_module_style, shebang, async_module_data) = self._configure_module(module_name='async_wrapper', module_args=dict(), task_vars=task_vars)
        self._transfer_data(async_module_path, async_module_data)
-        self._remote_chmod('a+rx', async_module_path)

        argsfile = self._transfer_data(self._connection._shell.join_path(tmp, 'arguments'), json.dumps(module_args))

+        self._fixup_perms(tmp, remote_user, execute=True, recursive=True)
+        # Only the following two files need to be executable but we'd have to
+        # make three remote calls if we wanted to just set them executable.
+        # There's not really a problem with marking too many of the temp files
+        # executable so we go ahead and mark them all as executable in the
+        # line above (the line above is needed in any case [although
+        # execute=False is okay if we uncomment the lines below] so that all
+        # the files are readable in case the remote_user and become_user are
+        # different and both unprivileged)
+        #self._fixup_perms(remote_module_path, remote_user, execute=True, recursive=False)
+        #self._fixup_perms(async_module_path, remote_user, execute=True, recursive=False)
+
        async_limit = self._task.async
        async_jid   = str(random.randint(0, 999999999999))