Date: Sat, 2 May 2015 05:54:33 +0200
From: Michael Scherer <misc@...b.org>
To: oss-security@...ts.openwall.com
Cc: security@...ible.com
Subject: CVE Request / Ansible: insecure permission on a directory when
 using spacewalk inventory

Hi,

Could a CVE be assigned for this problem:

The Ansible inventory script for spacewalk creates a file in the current
directory with incorrect permissions due to an error in a chmod specification.

https://github.com/ansible/ansible/blob/devel/plugins/inventory/spacewalk.py#L63

In Python, os.chmod needs to be in octal, and 2755 is not octal.
So in the end, we manage to have permissions like this:

d-ws-w-rwt.

And o+rw and u+s kinda sound bad. The directory is created in $PWD if
I read the code right, so that's likely the homedir of 1 admin.
However, that's executed locally, or from a bastion, so there
isn't much venue to attack (even if shared shell servers still exist nowadays),
and this requires using spacewalk.

I pushed a commit there:
https://github.com/mscherer/ansible/commit/251197f11de7c7a3c5d81141970dd8f2ef16c0ee

I will wait for a CVE to be assigned before fixing the commit message and pushing a
PR ('cause I am quite bothered when I cannot find the CVE in the commit message).

-- 
Michael Scherer
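
The decimal-versus-octal mode mistake described in the message above can be caught mechanically. The following is an added example, not code from the post or from Ansible: a small checker that flags chmod/mkdir/makedirs calls whose mode is a decimal literal and renders the bits that value really sets. SAMPLE and its CACHE_DIR path are constructed; 2755 is the value named in the message, and 2775 is the decimal value whose rendering matches the listing quoted there.

```python
import ast
import stat

# Position of the mode argument in the calls we inspect.
MODE_ARG = {"chmod": 1, "mkdir": 1, "makedirs": 1}

# Constructed sample input (not the Ansible source).
SAMPLE = '''\
import os
CACHE_DIR = ".cache_dir"        # hypothetical path
os.mkdir(CACHE_DIR)
os.chmod(CACHE_DIR, 2755)       # decimal literal
os.chmod(CACHE_DIR, 2775)       # decimal literal
os.chmod(CACHE_DIR, 0o2775)     # explicit octal, not flagged
'''

def render(bits):
    """ls-style permission string for a directory with these mode bits."""
    return stat.filemode(stat.S_IFDIR | (bits & 0o7777))

def find_decimal_modes(source):
    """Return sorted (line, literal, actual, probably_intended) tuples for
    every chmod/mkdir/makedirs call whose mode is a decimal int literal."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not (isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute)):
            continue
        idx = MODE_ARG.get(node.func.attr)
        if idx is None:
            continue
        mode = node.args[idx] if len(node.args) > idx else None
        for kw in node.keywords:
            if kw.arg == "mode":
                mode = kw.value
        if not (isinstance(mode, ast.Constant) and type(mode.value) is int):
            continue
        text = ast.get_source_segment(source, mode)
        if mode.value == 0 or text.lower().startswith(("0o", "0x", "0b")):
            continue  # the author chose the base explicitly
        try:
            intended = render(int(text, 8))  # the same digits read as octal
        except ValueError:
            intended = None                  # contains 8 or 9: not octal digits
        findings.append((node.lineno, text, render(mode.value), intended))
    return sorted(findings)

if __name__ == "__main__":
    for line, text, actual, intended in find_decimal_modes(SAMPLE):
        print(f"line {line}: mode {text} sets {actual}, octal would be {intended}")
```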