ansible

You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

History

Sam Doran 0199b1cf05 [stable-2.9] Change default file permissions so they are not world readable (#70221 ) (#70825 ) * [stable-2.9] Change default file permissions so they are not world readable (#70221) * Change default file permissions so they are not world readable CVE-2020-1736 Set the default permissions for files we create with atomic_move() to 0o0660. Track which files we create that did not exist and warn if the module supports 'mode' and it was not specified and the module did not call set_mode_if_different(). This allows the user to take action and specify a mode rather than using the defaults. A code audit is needed to find all instances of modules that call atomic_move() but do not call set_mode_if_different(). The findings need to be documented in a changelog since we are not warning. Warning in those instances would be frustrating to the user since they have no way to change the module code. - use a set for storing list of created files - just check the argument spac and params rather than using another property - improve the warning message to include the default permissions. (cherry picked from commit `5260527c4a`) Co-authored-by: Sam Doran <sdoran@redhat.com> * Fix jboss test * Fix lamdba_policy test * Fix aws_lamdba test * Fix warning for new default permissions when mode is not specified (#70976) Follow up to #70221 Related to #67794 CVE-2020-1736 When set_mode_if_different() is called with mode of 'None', ensure we issue a warning about the change in default permissions. Add integration tests to ensure the warning works properly. * Fix tests - actually use custom module 🤦‍♂️ - verify file permission on created files - use remote_tmp_dir so we're ready for split controller - improve test module so we can skip the call to set_fs_attributes_if_different() - fix tests for CentOS 6 (cherry-picked from commit `dc79528cc6`) * Use new category in changelog fragments		5 years ago
..
cli	galaxy - preserve symlinks on build/install (#69959 ) (#69994 )	6 years ago
compat	Move unit test compat code out of `lib/ansible/`. (#46996 )	7 years ago
config	Fix inline vaults for plugins in ensure_type (#67492 ) (#67741 )	6 years ago
contrib	Fix vmware_inventory unit tests so they run.	7 years ago
errors	Add better error when k=v syntax is used with YAML in tasks (#41754 )	7 years ago
executor	[stable-2.9] Fix filedescriptor out of range in select() when running commands (#65058 ) (#69517 )	6 years ago
galaxy	galaxy - preserve symlinks on build/install (#69959 ) (#69994 )	6 years ago
inventory_test_data/group_vars	Merge branch 'v2_final' into devel_switch_v2	11 years ago
mock	Move unit test compat code out of `lib/ansible/`. (#46996 )	7 years ago
module_utils	[stable-2.9] Change default file permissions so they are not world readable (#70221 ) (#70825 )	5 years ago
modules	[eos] [2.9] [backport] Turn on eapi by default. (#70119 )	6 years ago
parsing	Add a representer for AnsibleUnsafeBytes (#62598 )	6 years ago
playbook	Fix IncludedFile equality check (#69524 ) (#69885 )	6 years ago
plugins	Make filter type errors 'loop friendly' (#70417 ) (#70575 )	6 years ago
regex	Add toggle to control invalid character substitution in group names (#52748 )	7 years ago
template	[stable-2.9] Do not treat AnsibleUndefined as being unsafe (#65202 ) (#65427 )	6 years ago
utils	fix get_data on case_insensitive fs (#69955 )	6 years ago
vars	Fix inventory cache interface (#50446 )	7 years ago
__init__.py	Add empty-init code-smell script. (#18406 )	9 years ago
requirements.txt	[stable-2.9] Fix ansible-test collections requirements installation. (#62181 )	6 years ago
test_constants.py	1st part of ansible config, adds ansible-config to view/manage configs (#12797 )	9 years ago
test_context.py	Unit tests: remove unused imports (#59740 )	7 years ago