SSH connection plugin creates ControlPersist socket files in a secure directory

Files were being created in /tmp, but will now be created in $HOME/.ansible/cp/ Addresses CVE-2013-4259: ansible uses a socket with predictable filename in /tmp
2026-05-07 05:42:50 +00:00 · 2013-08-20 12:03:50 -05:00
parent ae98a025bb
commit 6bf5d19506
2 changed files with 33 additions and 5 deletions
--- a/lib/ansible/utils/init.py
+++ b/lib/ansible/utils/init.py
@@ -193,18 +193,34 @@ def is_executable(path):
            or stat.S_IXGRP & os.stat(path)[stat.ST_MODE]
            or stat.S_IXOTH & os.stat(path)[stat.ST_MODE])

-def prepare_writeable_dir(tree):
+def unfrackpath(path):
+    ''' 
+    returns a path that is free of symlinks, environment
+    variables, relative path traversals and symbols (~)
+    example:
+    '$HOME/../../var/mail' becomes '/var/spool/mail'
+    '''
+    return os.path.normpath(os.path.realpath(os.path.expandvars(os.path.expanduser(path))))
+
+def prepare_writeable_dir(tree,mode=0777):
    ''' make sure a directory exists and is writeable '''

-    if tree != '/':
-        tree = os.path.realpath(os.path.expanduser(tree))
+    # modify the mode to ensure the owner at least
+    # has read/write access to this directory
+    mode |= 0700
+
+    # make sure the tree path is always expanded
+    # and normalized and free of symlinks
+    tree = unfrackpath(tree)
+
    if not os.path.exists(tree):
        try:
-            os.makedirs(tree)
+            os.makedirs(tree, mode)
        except (IOError, OSError), e:
            exit("Could not make dir %s: %s" % (tree, e))
    if not os.access(tree, os.W_OK):
        exit("Cannot write to path %s" % tree)
+    return tree

 def path_dwim(basedir, given):
    '''