ansible-collections/community.general
1
0
Fork 0
mirror of https://github.com/ansible-collections/community.general.git synced 2025-10-05 16:04:09 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions 8

Don't create world-readable module and tempfiles without explicit user permission

Browse source
This commit is contained in:
Toshio Kuratomi 2016-03-21 14:17:53 -07:00
commit 52e9209491
14 changed files with 217 additions and 78 deletions
Download patch file Download diff file Expand all files Collapse all files

15
lib/ansible/plugins/action/unarchive.py
View file

@ -45,8 +45,9 @@ class ActionModule(ActionBase):
result['msg'] = "src (or content) and dest are required"
return result
remote_user = task_vars.get('ansible_ssh_user') or self._play_context.remote_user
if not tmp:
tmp = self._make_tmp_path()
tmp = self._make_tmp_path(remote_user)
if creates:
# do not run the command if the line contains creates=filename
@ -80,17 +81,15 @@ class ActionModule(ActionBase):
if copy:
# transfer the file to a remote tmp location
tmp_src = tmp + 'source'
self._connection.put_file(source, tmp_src)
tmp_src = self._connection._shell.join_path(tmp, 'source')
self._transfer_file(source, tmp_src)
# handle diff mode client side
# handle check mode client side
# fix file permissions when the copy is done as a different user
if copy:
if self._play_context.become and self._play_context.become_user != 'root':
if not self._play_context.check_mode:
self._remote_chmod('a+r', tmp_src)
if copy:
# fix file permissions when the copy is done as a different user
self._fixup_perms(tmp, remote_user, recursive=True)
# Build temporary module_args.
new_module_args = self._task.args.copy()
new_module_args.update(