From ed3e4aff84fb32005d8e91dbf0fd7b134a482486 Mon Sep 17 00:00:00 2001
From: James Cammarata
Date: Tue, 20 Aug 2013 12:22:48 -0500
Subject: [PATCH] Place retry file in the user's home dir instead of /var/lib/tmp

Addresses CVE-2013-4260: predictable filename used for failed results in world writable directory.
---
 lib/ansible/playbook/__init__.py | 8 +-------
 1 file changed, 1 insertion(+), 7 deletions(-)

diff --git a/lib/ansible/playbook/__init__.py b/lib/ansible/playbook/__init__.py
index ed89546be2..3f9130e153 100644
--- a/lib/ansible/playbook/__init__.py
+++ b/lib/ansible/playbook/__init__.py
@@ -477,13 +477,7 @@ class PlayBook(object):
 basedir = self.inventory.basedir()
 filename = "%s.retry" % os.path.basename(self.filename)
 filename = filename.replace(".yml","")
-
- if not os.path.exists('/var/tmp/ansible'):
- try:
- os.makedirs('/var/tmp/ansible')
- except:
- pass
- filename = os.path.join('/var/tmp/ansible', filename)
+ filename = os.path.join(os.path.expandvars('$HOME/'), filename)
 try:
 fd = open(filename, 'w')
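Review bot: `os.path.expandvars('$HOME/')` on the added line returns the string unchanged when HOME is not set in the environment (cron jobs, some init or sudo contexts), so the retry path becomes a relative `$HOME/<name>.retry` resolved against the current working directory instead of the user's home. `filename = os.path.join(os.path.expanduser('~'), filename)` would fall back to the password database in that case. The `open(filename, 'w')` that follows still uses a predictable name and follows symlinks, so the fix for CVE-2013-4260 holds only while the resolved directory is writable by the invoking user alone. The rest of the function lies outside the hunk, so how a failed open is handled is not visible here.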