039d884e29
We don't ensure the permissions of the fetched file on the download location. Sadly /tmp is a known place where users can write files. This is a problem, as a potential race condition could appear, where get-pip is modifiable on /tmp/ folder by another user, leading to privilege escalation. Change-Id: I041db3412e228efe8a0d9a87f4cfba206482c729 |
||
---|---|---|
.. | ||
configure.yml | ||
install.yml | ||
install_offline.yml | ||
install_online.yml | ||
install_source.yml | ||
main.yml |