Linux and BSD derivatives do not allow unprivileged users to
"give away" files to others for security reasons. (System V
derivatives allow that but they're rare nowadays.)
The run_command module function will now poll stdout/stderr for
data rather than using the builtin command communicate(), which can
hang under certain circumstances.
Fixes#7452Fixes#7748Fixes#8163
* Strip lookup calls out of inventory variables and clean unsafe data
returned from lookup plugins (CVE-2014-4966)
* Make sure vars don't insert extra parameters into module args and prevent
duplicate params from superseding previous params (CVE-2014-4967)
The distro version is a string ('jessie/sid') on Debian unstable and testing.
Because load_platform_subclass() evaluations every subclass as it loops,
comparing numbers when get_distribution_version() does not return a number will
break.
This patch fixes that by returning a number (`0`) when we have an invalid
version, instead of returning `None` or a string.
The new CentOS 7 beta lists the distribution as "CentOS Linux", which
breaks the distribution detection and class loading. This patch fixes
that by taking just the first entry in the string when a space is
detected.
If the module directory is not writable/executable to the current user
(most likely because of a sudo to a non-root user), the ssh_wrapper
will be created in the default location for mkstemp() calls. To facilitate
the deletion of these new files, a new mechanism for cleaning up files
created by the module was also added.
Fixes#7375
This is a corner case for remote file systems that don't support
chown() and where the source and destination for the atomic_move
are on that remote file system.
Fixes#7372
Previously, we set the LANG (and LC_CTYPE) environment variables
directly in the module code and applied them with os.environ().
Instead, we are now pre-pending those variables to the environment
string used to execute the command which allows the user to
override the localization values by setting the environment values
directly (even on a per-task basis):
- subversion: repo=file:///path/to/repos/svn_über dest=/tmp/svntest
environment:
LANG: "C"
LC_CTYPE: "en_US.UTF-8"
So if a user wishes to default their LANG back to C, they can still
avoid unicode issues by doing the above.
Fixes#7060
On some very old simplejson does not support the 'encoding' and give
following exception:
TypeError: __init__() got an unexpected keyword argument 'encoding'
This fix runs json.dump with no encoding key (such as before #a023cb) on
TypeError exception only.
- unified set attribute functions ... not sure why 2 identical functions
exist with diff names, now there are 3 while i repoint all modules to 1
- fixed issue with symlinks being created w/o existing src when force=no
- refactored conditionals, simplified where possible
- added tests for symlink to nonexistant source, with both force options
- made symlink on existing attomic (force)
