diff options
| author | Evgeni Golov <evgeni@golov.de> | 2016-04-02 10:20:42 +0200 |
|---|---|---|
| committer | Toshio Kuratomi <a.badger@gmail.com> | 2016-04-02 01:20:42 -0700 |
| commit | 7c3999a92a1cd856ff9bc8913a93ff1aee8bffc3 (patch) | |
| tree | f439bcac5bba8d9ef056576f5240487c2903787f /cloud/lxc | |
| parent | f710908574fc1935852e534b67ed1e173ffde6ec (diff) | |
| download | ansible-modules-extras-7c3999a92a1cd856ff9bc8913a93ff1aee8bffc3.tar.gz | |
do not use a predictable filenames in the LXC plugin
* do not use a predictable filename for the LXC attach script
* don't use predictable filenames for LXC attach script logging
* don't set a predictable archive_path
this should prevent symlink attacks which could result in
* data corruption
* data leakage
* privilege escalation
Diffstat (limited to 'cloud/lxc')
| -rw-r--r-- | cloud/lxc/lxc_container.py | 22 |
1 files changed, 8 insertions, 14 deletions
diff --git a/cloud/lxc/lxc_container.py b/cloud/lxc/lxc_container.py index adacece5..ae583fe4 100644 --- a/cloud/lxc/lxc_container.py +++ b/cloud/lxc/lxc_container.py @@ -144,7 +144,7 @@ options: description: - Path the save the archived container. If the path does not exist the archive method will attempt to create it. - default: /tmp + default: null archive_compression: choices: - gzip @@ -557,13 +557,8 @@ def create_script(command): import subprocess import tempfile - # Ensure that the directory /opt exists. - if not path.isdir('/opt'): - os.mkdir('/opt') - - # Create the script. - script_file = path.join('/opt', '.lxc-attach-script') - f = open(script_file, 'wb') + (fd, script_file) = tempfile.mkstemp(prefix='lxc-attach-script') + f = os.fdopen(fd, 'wb') try: f.write(ATTACH_TEMPLATE % {'container_command': command}) f.flush() @@ -573,14 +568,11 @@ def create_script(command): # Ensure the script is executable. os.chmod(script_file, 0700) - # Get temporary directory. - tempdir = tempfile.gettempdir() - # Output log file. - stdout_file = open(path.join(tempdir, 'lxc-attach-script.log'), 'ab') + stdout_file = os.fdopen(tempfile.mkstemp(prefix='lxc-attach-script-log')[0], 'ab') # Error log file. - stderr_file = open(path.join(tempdir, 'lxc-attach-script.err'), 'ab') + stderr_file = os.fdopen(tempfile.mkstemp(prefix='lxc-attach-script-err')[0], 'ab') # Execute the script command. try: @@ -1747,7 +1739,6 @@ def main(): ), archive_path=dict( type='str', - default='/tmp' ), archive_compression=dict( choices=LXC_COMPRESSION_MAP.keys(), @@ -1755,6 +1746,9 @@ def main(): ) ), supports_check_mode=False, + required_if = ([ + ('archive', True, ['archive_path']) + ]), ) if not HAS_LXC: |