os_hardening: /tmp privs erroneously apply as 03361 #803

Open
shaunsmiley-xevo opened this issue Oct 8, 2024 · 1 comment
@shaunsmiley-xevo

Description

It appears that 1777 is interpreted as decimal, and gets converted to 03361 octal.
The workaround is to override these default vars to '01777'.

Reproduction steps

Run the role with defaults.

Current Behavior

TASK [devsec.hardening.os_hardening : Harden permissions for directory of mount /tmp] ***********************************************************************
--- before
+++ after
@@ -1,2 +1,2 @@
-mode: '01777'
+mode: '03361'
 path: /tmp

Expected Behavior

It should keep the 1777 default setting.

OS / Environment

Provide all relevant information below, e.g. target OS versions, network device firmware, etc.

Ansible Version

ansible [core 2.15.9]
...
  python version = 3.11.8 (main, Feb  6 2024, 21:21:21) [GCC 12.3.0]
  jinja version = 3.1.3
  libyaml = True


Collection Version

9.0.1

Additional information

No response
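
The arithmetic behind the value in the diff above, as an added example that is not part of the issue or of the os_hardening role: a mode that reaches the file module as the integer 1777 carries the bits of octal 03361, while the strings '1777' and '01777' both resolve to 01777. The dictionary stands in for already-parsed variables and is constructed; the two `hypothetical_*` names are assumptions, and integer values are assumed to have been written without a leading zero.

```python
import stat


def describe(mode: int) -> str:
    """Render permission bits as 5-digit octal plus an ls-style string for a directory."""
    return f"{mode:05o} {stat.filemode(stat.S_IFDIR | mode)}"


def resolve(value) -> int:
    """Permission bits that result from a mode value.

    str: the digits are parsed as octal, so '1777' and '01777' agree.
    int: the digits were already read as a decimal number, so 1777 stays 1777.
    """
    if isinstance(value, str):
        return int(value, 8)
    return value


def audit(variables: dict) -> list:
    """Flag *_mode variables whose resulting bits differ from their digits read as octal."""
    findings = []
    for name, value in variables.items():
        if not name.endswith("_mode"):
            continue
        intended = int(str(value), 8)   # what the digits say when read as octal
        actual = resolve(value)         # what the value's type actually yields
        if actual != intended:
            findings.append((name, describe(intended), describe(actual)))
    return findings


# Constructed sample: variables as they might look after parsing.
SAMPLE_VARS = {
    "os_mnt_tmp_dir_mode": 1777,           # integer: digits taken as decimal
    "hypothetical_quoted_mode": "1777",    # string: parsed as octal
    "hypothetical_padded_mode": "01777",   # string with leading zero: same bits
}

if __name__ == "__main__":
    for name, intended, actual in audit(SAMPLE_VARS):
        print(f"{name}: intended {intended}, would apply {actual}")
    # Octal 03361 clears world write on the directory, unlike 01777.
    print("world-writable:", bool(resolve(1777) & stat.S_IWOTH))
```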

@rndmh3ro
Member

rndmh3ro commented Oct 9, 2024

I am unable to reproduce this.

[~/.../os_hardening]: (master *%)
> cat test.yaml
- hosts: localhost
  tasks:
    - file:
        path: /tmp
        mode: "1777"
        state: directory

:[~/.../os_hardening]: (master *%)
> ansible-playbook test.yaml --diff

PLAY [localhost] ***********************************************************************************************************************************************************************************************************************************************

TASK [Gathering Facts] *****************************************************************************************************************************************************************************************************************************************
ok: [localhost]

TASK [file] ****************************************************************************************************************************************************************************************************************************************************
ok: [localhost]

PLAY RECAP *****************************************************************************************************************************************************************************************************************************************************
localhost                  : ok=2    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0

basti:[~/.../os_hardening]: (master *%)
> ls -lsah /
   0 drwxrwxrwt  18 root  root   780  9. Okt 08:52 tmp

  • What OS do you harden where this happens?
  • If you change os_mnt_tmp_dir_mode: "1777" to os_mnt_tmp_dir_mode: '01777', does it work?
  • Can you provide a reproduction test case?
