authorBrian Coca <bcoca@users.noreply.github.com>2019-04-17 12:08:51 -0400
committerToshio Kuratomi <a.badger@gmail.com>2019-04-23 20:25:31 -0600
commitd73da98ecf84b58c68b63f4e272efba86e7dd770 (patch)
tree248f3c5ef102a1affe9068ccbc93616924066f4e
parent6d8b124e161b70453bc3cc3c634bbdee263d5915 (diff)
downloadansible-d73da98ecf84b58c68b63f4e272efba86e7dd770.tar.gz
Ensure discovery unsafe (#55295)
* Ensure safe discovery by marking it Unsafe (cherry picked from commit 24b44e1772a1c0cdc4985cc159c824cc3a611a17)
-rw-r--r--changelogs/fragments/ensure_discovery_unsafe.yml3
-rw-r--r--lib/ansible/plugins/action/__init__.py6
2 files changed, 6 insertions, 3 deletions
diff --git a/changelogs/fragments/ensure_discovery_unsafe.yml b/changelogs/fragments/ensure_discovery_unsafe.yml
new file mode 100644
index 0000000000..10a001a021
--- /dev/null
+++ b/changelogs/fragments/ensure_discovery_unsafe.yml
@@ -0,0 +1,3 @@
+bugfixes:
+ - SECURITY Fixed the python interpreter detection, added in 2.8.0alpha1, to properly mark the returned data as untemplatable.
+ This prevents a malicious managed machine from running code on the controller via templating.
diff --git a/lib/ansible/plugins/action/__init__.py b/lib/ansible/plugins/action/__init__.py
index ba70552bf1..8eb198a78f 100644
--- a/lib/ansible/plugins/action/__init__.py
+++ b/lib/ansible/plugins/action/__init__.py
@@ -29,7 +29,7 @@ from ansible.module_utils._text import to_bytes, to_native, to_text
from ansible.parsing.utils.jsonify import jsonify
from ansible.release import __version__
from ansible.utils.display import Display
-from ansible.utils.unsafe_proxy import wrap_var
+from ansible.utils.unsafe_proxy import wrap_var, AnsibleUnsafeText
from ansible.vars.clean import remove_internal_keys
display = Display()
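Review bot: The new `AnsibleUnsafeText` import exists only so the second hunk can call the constructor directly on the discovery result, but `wrap_var`, already imported on the same line, yields the same `AnsibleUnsafeText` for text input and passes non-text values through unchanged, whereas `AnsibleUnsafeText(None)` would produce the literal text `'None'` — and the comment at the call site says the discovered interpreter "might be None". Using the existing helper keeps the SECURITY marking and avoids that corner: `self._discovered_interpreter = wrap_var(discover_interpreter(` ... `task_vars=task_vars))`, with this import line left as it was. Whether `discover_interpreter` can actually return None is not visible here, so treat that as something to confirm; the second hunk's `except` block continues past the visible lines.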
@@ -203,11 +203,11 @@ class ActionBase(with_metaclass(ABCMeta, object)):
environment=final_environment)
break
except InterpreterDiscoveryRequiredError as idre:
- self._discovered_interpreter = discover_interpreter(
+ self._discovered_interpreter = AnsibleUnsafeText(discover_interpreter(
action=self,
interpreter_name=idre.interpreter_name,
discovery_mode=idre.discovery_mode,
- task_vars=task_vars)
+ task_vars=task_vars))
# update the local task_vars with the discovered interpreter (which might be None);
# we'll propagate back to the controller in the task result