On Sun, 8 Jun 2014 11:21:45 +0200
Till Maas <opensource(a)till.name> wrote:
Yes, I thought about it some more as well. This might indeed be a
problem. I see two kinds of attacks. The one you describe is only
interesting for someone who is able to run ansible for a host but does
not have root access to the host. If it is possible to specify a
non-privileged port (e.g. 1234), the attacker can run its own SSH
server there to get access to all information sent by ansible but
only for the host the attacker already has access to. The required
privileges are:
- Being able to log in to a host
- Being able to run playbooks for a host
- Being able to specify the port for ansible to connect to
The attacker does not gain any advantage if they already have root
access to the host.
And I think in all cases currently they do. At least they should... i.e.,
docs can run the docs-backend playbook, and also have sudo access on
that machine.
kevin