8715505e6d
Since commit d07bc25fc2446b2291bcc50bb3e5d4485630e000, it is possible for an untrusted playbook to execute commands on the executor host. This change restores the add_host restriction and white-lists the intended use case. Change-Id: I36cc604c62a50c95260d076a63a53f28b197792d
8 lines
267 B
YAML
8 lines
267 B
YAML
---
|
|
security:
|
|
- |
|
|
The add_host module options are restricted to a hostname, port, user and
|
|
password. Previously, malicious options could be used to bypass protection
|
|
and execute tasks on the executor. Only ssh and kubectl connection
|
|
are authorized.
|