Re: Review for new rbac_playbook

On Sun, 8 Jun 2014 11:21:45 +0200
Till Maas <opensource@xxxxxxxxx> wrote:

> Yes, I thought about it some more as well. This might indeed be a
> problem. I see two kinds of attacks. The one you describe is only
> interesting for someone who is able to run ansible for a host but does
> not have root access to the host. If it is possible to specify a
> non-privileged port (e.g. 1234), the attacker can run their own SSH
> server there to get access to all information sent by ansible but
> only for the host the attacker already has access to. The required
> privileges are:
> 
> - Being able to login to a host
> - Being able to run playbooks for a host
> - Being able to specify the port for ansible to connect to
> 
> The attacker does not gain any advantage if they already have root
> access to the host.

And I think in all cases currently they do. At least they should... i.e.,
docs can run the docs-backend playbook, and also have sudo access on
that machine.

kevin


_______________________________________________
infrastructure mailing list
infrastructure@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/infrastructure
