provisioner remote-exec > uploaded commands should be wiped out after exec #482
Comments
The issue is that Terraform doesn't know how to delete the file. It uses SCP to upload it and SCP doesn't have a "delete" mode. We can reupload another file to take the place of it, but we can't delete without knowing the system that is there. I think we can just reupload a blank file.
The blank file seems to meet the (minimal) requirements for me too.
What about appending a script as last component that deletes itself?
LGTM

Considering the following user provided script

```
$ cat <<EOF >/tmp/script.sh
#!/bin/bash
echo "provisioner remote-exec script : I do something..."
EOF
$ chmod +x /tmp/script.sh
$ ls -l /tmp/script.sh
-rwxrwxr-x 1 frntn frntn 70 Apr 22 14:11 /tmp/script.sh
```

Terraform can append an autodelete command (try shred / fallback to rm)

```
$ cat <<EOF >>/tmp/script.sh
command -v shred >/dev/null && shred -uxz \$(readlink -f \$0) || rm -f \$(readlink -f \$0)
EOF
$ sh -c '/tmp/script.sh'
provisioner remote-exec script : I do something...
$ ls -l /tmp/script.sh
ls: cannot access /tmp/script.sh: No such file or directory
```
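The appended self-delete line proposed in the comment above only runs if the script reaches its last line. The following added example (not part of this thread or of Terraform's code) compares it with an EXIT trap registered first; `make_script` and `residual` are hypothetical helper names, the script bodies are constructed, and plain `rm` stands in for the shred-with-fallback command.

```shell
#!/bin/sh
# Added example with constructed inputs: does the uploaded script survive
# when it exits before reaching its last line?

# make_script <path> <mode> <body>  (hypothetical helper)
#   append: self-delete is the LAST line, as proposed in the comment above
#   trap:   self-delete is registered FIRST through an EXIT trap
make_script() {
    path=$1; mode=$2; body=$3
    {
        printf '%s\n' '#!/bin/sh'
        if [ "$mode" = trap ]; then
            printf '%s\n' "trap 'rm -f -- \"\$0\"' EXIT"
        fi
        printf '%s\n' "$body"
        if [ "$mode" = append ]; then
            printf '%s\n' 'rm -f -- "$0"'
        fi
    } > "$path"
}

# residual <mode> <body>  (hypothetical helper)
# Runs the script in a private temp dir; prints "removed" or "left-behind".
residual() {
    dir=$(mktemp -d) || return 2
    make_script "$dir/script.sh" "$1" "$2"
    sh "$dir/script.sh" >/dev/null 2>&1 || true
    if [ -e "$dir/script.sh" ]; then result=left-behind; else result=removed; fi
    rm -rf -- "$dir"
    printf '%s\n' "$result"
}

# Constructed script bodies; the token is a placeholder, not a real secret.
OK_BODY='echo "API_TOKEN=constructed-placeholder" >/dev/null'
FAIL_BODY='echo "API_TOKEN=constructed-placeholder" >/dev/null
exit 1'

echo "append, normal exit: $(residual append "$OK_BODY")"
echo "append, early exit:  $(residual append "$FAIL_BODY")"
echo "trap,   early exit:  $(residual trap "$FAIL_BODY")"
```

An EXIT trap still does not run on SIGKILL, and a user script that sets its own EXIT trap replaces it, so cleanup from the provisioning side (such as re-uploading a blank file) remains useful.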
Prevents residual script contents from remaining on machine. Fixes #482
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.
When provisioning a server using the `remote-exec` provisioner there is a remaining `/tmp/script.sh` which contains either:

- `inline` argument: all the executed commands
- `script` argument: the full script
- `scripts` argument: the last script of the array

This can lead to a security issue.
This file should be deleted by default.