diff options
author | Tristan Cacqueray <tdecacqu@redhat.com> | 2020-02-24 22:24:53 +0000 |
---|---|---|
committer | Tristan Cacqueray <tdecacqu@redhat.com> | 2020-02-27 17:15:55 +0000 |
commit | 0684df0dd191427d000f0cee2e18ccdc07f5f3c8 (patch) | |
tree | 8c94b1973a817d95cdce62eba6635595172cccd6 /releasenotes/notes/restrict-host-vars-ff64f960009da244.yaml | |
parent | 88d86848636a675da682dcdb0e3d0e806922f7a4 (diff) | |
download | zuul-0684df0dd191427d000f0cee2e18ccdc07f5f3c8.tar.gz |
executor: blacklist dangerous ansible host vars3.17.0
This change prevents malicious user to use dangerous ansible
variable through host vars by using extra vars to force the
default with highest variables precedence .
Change-Id: Iaf5679bbfa43ff05d1d466106aa32d17c23c1f51
Diffstat (limited to 'releasenotes/notes/restrict-host-vars-ff64f960009da244.yaml')
-rw-r--r-- | releasenotes/notes/restrict-host-vars-ff64f960009da244.yaml | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/releasenotes/notes/restrict-host-vars-ff64f960009da244.yaml b/releasenotes/notes/restrict-host-vars-ff64f960009da244.yaml new file mode 100644 index 000000000..48b21b4e0 --- /dev/null +++ b/releasenotes/notes/restrict-host-vars-ff64f960009da244.yaml @@ -0,0 +1,6 @@ +--- +security: + - | + The add_host module attributes that can be used to bypass localhost + command execution are now also blacklisted using extra-vars to prevent + abuse through untrusted host_vars. |