Place retry file in the user's home dir instead of /var/lib/tmp

Addresses CVE-2013-4260: predictable filename used for failed results in world writable directory.

Place retry file in the user's home dir instead of /var/lib/tmp
Addresses CVE-2013-4260: predictable filename used for failed results in world writable directory.
d5948d59 · James Cammarata · b33ca492 · d5948d59
Commit d5948d59 authored Aug 20, 2013 by James Cammarata
Hide whitespace changes
Inline Side-by-side

Showing with 1 additions and 7 deletions

lib/ansible/playbook/__init__.py
+1 -7

No files found.
--- a/lib/ansible/playbook/__init__.py
+++ b/lib/ansible/playbook/__init__.py
@@ -447,13 +447,7 @@ class PlayBook(object):
        basedir = self.inventory.basedir()
        filename = "%s.retry" % os.path.basename(self.filename)
        filename = filename.replace(".yml","")
-
-        if not os.path.exists('/var/tmp/ansible'):
-            try:
-                os.makedirs('/var/tmp/ansible')
-            except:
-                pass
-        filename = os.path.join('/var/tmp/ansible', filename)
+        filename = os.path.join(os.path.expandvars('$HOME/'), filename)

        try:
            fd = open(filename, 'w')