cmueller/ansible
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity
ansible/docs/docsite
History
Sam Doran 7e4cffc5d2
[stable-2.10] Change default file permissions so they are not world readable (#70221) (#70824) 
* Change default file permissions so they are not world readable

CVE-2020-1736

Set the default permissions for files we create with atomic_move() to 0o0660. Track
which files we create that did not exist and warn if the module supports 'mode'
and it was not specified and the module did not call set_mode_if_different(). This allows the user to take action and specify a mode rather than using the defaults.

A code audit is needed to find all instances of modules that call atomic_move()
but do not call set_mode_if_different(). The findings need to be documented in
a changelog since we are not warning. Warning in those instances would be frustrating
to the user since they have no way to change the module code.

- use a set for storing list of created files
- just check the argument spac and params rather than using another property
- improve the warning message to include the default permissions.
(cherry picked from commit 5260527c4a)

Co-authored-by: Sam Doran <sdoran@redhat.com>
2020-07-23 09:07:18 -07:00
..
_extensions docsite: remove lexers which have been fixed in Pygments 2.4.0 (#57508) 2019-06-18 10:56:33 -05:00
_static Docs: improve anchors vs. header bar (#67244) 2020-02-11 13:16:26 -05:00
_themes/sphinx_rtd_theme Collections docs generation backport (#70515) 2020-07-20 14:28:35 -07:00
js/ansible
rst [stable-2.10] Change default file permissions so they are not world readable (#70221) (#70824) 2020-07-23 09:07:18 -07:00
.gitignore
.nojekyll
ansible_2_5.inv Intersphinx (#68090) 2020-03-06 14:16:35 -08:00
ansible_2_6.inv Intersphinx (#68090) 2020-03-06 14:16:35 -08:00
ansible_2_7.inv Intersphinx (#68090) 2020-03-06 14:16:35 -08:00
ansible_2_8.inv Intersphinx (#68090) 2020-03-06 14:16:35 -08:00
ansible_2_9.inv Intersphinx (#68090) 2020-03-06 14:16:35 -08:00
collection-plugins.yml Collections docs generation backport (#70515) 2020-07-20 14:28:35 -07:00
jinja2.inv Intersphinx (#68090) 2020-03-06 14:16:35 -08:00
keyword_desc.yml Doc backportapalooza 2 (#70440) 2020-07-08 16:05:41 -05:00
Makefile Collections docs generation backport (#70515) 2020-07-20 14:28:35 -07:00
Makefile.sphinx Adds the ability to override the doc build output directory from the command line. (#36604) 2018-02-28 16:01:18 -08:00
modules.js
python2.inv Add a script to update the intersphinx inventory (#66646) 2020-01-22 17:20:02 -05:00
python3.inv Intersphinx (#68090) 2020-03-06 14:16:35 -08:00
README.md reduce docs/docsite/README to essential info (#64287) 2019-11-01 15:35:40 -05:00
requirements.txt Collections docs generation backport (#70515) 2020-07-20 14:28:35 -07:00
variables.dot

README.md

Ansible documentation

This project hosts the source behind docs.ansible.com.

To create clear, concise, and consistent contributions to Ansible documentation, please refer to the following information.

Contributions

Contributions to the documentation are welcome.

The Ansible community produces guidance on contributions, building documentation, and submitting pull requests, which you can find in Contributing to the Ansible Documentation.

You can also join the Docs Working Group.

Ansible style guide

Ansible documentation is written in ReStructuredText(RST). The Ansible style guide provides linguistic direction and technical guidelines for working with reStructuredText, in addition to other resources.

Tools

The Ansible community uses a range of tools and programs for working with Ansible documentation. Learn more about Other Tools and Programs in the Ansible Community Guide.

GitHub

Ansible documentation is hosted on the Ansible GitHub project. For GitHub workflows and other information, see the GitHub Guides.