From 0a85e91329d4c048e7e4b2cd478f2c17a3dac988 Mon Sep 17 00:00:00 2001 From: Brian Coca Date: Mon, 13 Apr 2020 17:16:29 -0400 Subject: [PATCH 1/4] avoid mkdir -p (#68921) * also consolidated temp dir name generation, added pid for more 'uniqness' * generalize error message * added notes about remote expansion CVE-2020-1733 fixes #67791 (cherry picked from commit 8077d8e40148fe77e2393caa5f2b2ea855149d63) --- changelogs/fragments/remote_mkdir_fix.yml | 2 ++ lib/ansible/plugins/action/__init__.py | 11 ++++++++--- lib/ansible/plugins/shell/__init__.py | 14 ++++++++++---- lib/ansible/plugins/shell/powershell.py | 2 ++ 4 files changed, 22 insertions(+), 7 deletions(-) create mode 100644 changelogs/fragments/remote_mkdir_fix.yml --- /dev/null +++ b/changelogs/fragments/remote_mkdir_fix.yml @@ -0,0 +1,2 @@ +bugfixes: + - Ensure we get an error when creating a remote tmp if it already exists. CVE-2020-1733 --- a/lib/ansible/plugins/action/__init__.py +++ b/lib/ansible/plugins/action/__init__.py @@ -340,7 +340,11 @@ class ActionBase(with_metaclass(ABCMeta, else: # NOTE: shell plugins should populate this setting anyways, but they dont do remote expansion, which # we need for 'non posix' systems like cloud-init and solaris - tmpdir = self._remote_expand_user(self.get_shell_option('remote_tmp', default='~/.ansible/tmp'), sudoable=False) + try: + tmpdir = self._connection._shell.get_option('remote_tmp') + except AnsibleError: + tmpdir = '~/.ansible/tmp' + tmpdir = self._remote_expand_user(tmpdir, sudoable=False) become_unprivileged = self._is_become_unprivileged() basefile = self._connection._shell._generate_temp_dir_name() --- a/lib/ansible/plugins/shell/__init__.py +++ b/lib/ansible/plugins/shell/__init__.py 
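Review bot: The name returned by `_generate_temp_dir_name()` on the hunk's last line is built from `time.time()`, the controller pid and `random.randint`, none of which is unpredictable to a local attacker on the remote host, so the extra "uniqueness" from the commit message does not by itself stop someone pre-creating the path; the CVE-2020-1733 mitigation has to rest on the remote mkdir (no longer `-p`) refusing an existing directory, which this hunk does not show. I would record that dependency next to the call: `# name is predictable (time/pid/PRNG): safety relies on the remote mkdir failing on an existing dir`. The new `except AnsibleError:` branch also silently replaces a misconfigured `remote_tmp` with `'~/.ansible/tmp'`; a debug-level log line in that branch (via the module's display helper, if one is in scope) would make the fallback visible instead of masking a bad config. The enclosing method starts before and ends after this hunk.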
@@ -79,6 +79,10 @@ class ShellBase(AnsiblePlugin): def _generate_temp_dir_name(): return 'ansible-tmp-%s-%s-%s' % (time.time(), os.getpid(), random.randint(0, 2**48)) + @staticmethod + def _generate_temp_dir_name(): + return 'ansible-tmp-%s-%s-%s' % (time.time(), os.getpid(), random.randint(0, 2**48)) + def env_prefix(self, **kwargs): return ' '.join(['%s=%s' % (k, shlex_quote(text_type(v))) for k, v in kwargs.items()])
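Review bot: The hunk context shows a `_generate_temp_dir_name` with the identical body directly above the four added lines, so if that context is accurate rather than an artifact of how this page was rendered, the added `@staticmethod` definition redefines a method that already exists and the earlier copy should be removed instead of a second one added. Independently, the name mixes `time.time()`, `os.getpid()` and `random.randint`, all guessable from the remote host, so the method deserves a docstring stating the limit: `"""Return a per-call remote tmp dir name; unique, but NOT unpredictable — callers must still refuse an existing directory."""`. If unpredictability is wanted as defence-in-depth, `random.SystemRandom().randint(0, 2**48)` is stdlib on both Python 2 and 3, though the existing-directory check remains the real control. `env_prefix` may continue beyond the end of the hunk.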