8715505e6d
Since commit d07bc25fc2, it is possible
for an untrusted playbook to execute commands on the executor host.
This change restores the add_host restriction and white-lists the
intended use case.
Change-Id: I36cc604c62a50c95260d076a63a53f28b197792d
8 lines
267 B
YAML
8 lines
267 B
YAML
---
|
|
security:
|
|
- |
|
|
The add_host module options are restricted to a hostname, port, user and
|
|
password. Previously, malicious options could be used to bypass protection
|
|
and execute tasks on the executor. Only ssh and kubectl connection
|
|
are authorized.
|