788a40e75c
We greylist some modules in our action plugin blocking allowing them to execute local code as long as it falls within safe constraints. Due to the way ansible module loading works, a user could attack this by creating a module in a local role or adjacent to a playbook that has the same name as one of the modules we allow limited local execution. If they did that it would allow them to execute arbitrary python code on the executor. Find the path of the module that will be executed in these cases and if it is not within the ansible.modules package, disallow it. There are no circumstances in which this is ok. Change-Id: I7499e6b1091d745984ca36179de2793827c9f98f |
||
---|---|---|
.. | ||
main.yaml |