Infrastructure/ansible
1
0
Fork 0
Code Issues Pull requests 6 Projects Releases Packages Wiki Activity Actions

Since the job is running as root, and on people.fedoraproject.org, it

Browse source 
can be abused by a non admin user using a symlink in /tmp (just a
simple for loop over the pid space would be enough).

Then we can at best erase a almost arbitrary file (using a creative
symlink), or at worst, maybe inject data that could be parsed by a
software (since the content would be under the control of a attacker,
since that's the list of file in a user home directories.
This commit is contained in:
Michael Scherer 2016-03-29 18:45:58 +00:00 committed by Kevin Fenzi
parent 02156cb213
commit b811b3daf4
1 changed files with 2 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

3
roles/clamav/templates/clamscan.sh.j2
View file

@ -6,7 +6,8 @@
LOGFILE="/var/log/clamscan.log" LOGFILE="/var/log/clamscan.log"
MAILTO="{{ clamscan_mailto }}" MAILTO="{{ clamscan_mailto }}"
DAYS=7 DAYS=7
FILELIST="/tmp/clamscan_filelist.$$" TMPCLAMDIR=$(mktemp -d clamav_ansible.XXXXXX)
FILELIST="$TMPCLAMDIR/clamscan_filelist.$$"
rm -f $LOGFILE rm -f $LOGFILE