Merge pull request #1590 from edx/cg/shellshock3

Round 3 of shellshock updates

Merge pull request #1590 from edx/cg/shellshock3
Round 3 of shellshock updates
a9dfd495 · John Jarvis · 22f63ea8 · 327f010d · a9dfd495
Commit a9dfd495 authored Sep 29, 2014 by John Jarvis
Hide whitespace changes
Inline Side-by-side

Showing with 2 additions and 5 deletions

playbooks/roles/security/tasks/security-ubuntu.yml
+2 -5

No files found.
--- a/playbooks/roles/security/tasks/security-ubuntu.yml
+++ b/playbooks/roles/security/tasks/security-ubuntu.yml
 #### Bash security vulnerability

 - name: Check if we are vulnerable
-  shell: executable=/bin/bash chdir=/tmp env X='() { (a)=>\' bash -c "echo echo check"; [[ "$(cat echo)" == "check" ]] && echo "vulnerable"
+  shell: executable=/bin/bash chdir=/tmp foo='() { echo vulnerable; }' bash -c foo
  register: test_vuln
  ignore_errors: yes

@@ -9,11 +9,8 @@
  apt: name=bash state=latest update_cache=true
  when: "'vulnerable' in test_vuln.stdout"

- name: Delete check file
-  file: path=/tmp/echo state=absent
-
 - name: Check again and fail if we are still vulnerable
-  shell: executable=/bin/bash chdir=/tmp env X='() { (a)=>\' bash -c "echo echo check"; [[ "$(cat echo)" == "check" ]] && echo "vulnerable"
+  shell: executable=/bin/bash foo='() { echo vulnerable; }' bash -c foo
  when: "'vulnerable' in test_vuln.stdout"
  register: test_vuln
  failed_when: "'vulnerable' in test_vuln.stdout"