From 2b8b04638d3d1702dbc711721a82b7e8375e3943 Mon Sep 17 00:00:00 2001
From: Chris Porter <retropc@users.noreply.github.com>
Date: Thu, 31 Mar 2016 22:55:44 +0100
Subject: [PATCH] fix security vulnerability in lxc module

octal/decimal confusion makes file world-writable before executing it
---
 lib/ansible/modules/extras/cloud/lxc/lxc_container.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/ansible/modules/extras/cloud/lxc/lxc_container.py b/lib/ansible/modules/extras/cloud/lxc/lxc_container.py
index ab207012329..50d3cedd596 100644
--- a/lib/ansible/modules/extras/cloud/lxc/lxc_container.py
+++ b/lib/ansible/modules/extras/cloud/lxc/lxc_container.py
@@ -571,7 +571,7 @@ def create_script(command):
         f.close()
 
     # Ensure the script is executable.
-    os.chmod(script_file, 1755)
+    os.chmod(script_file, 0700)
 
     # Get temporary directory.
     tempdir = tempfile.gettempdir()