Thanks to both for the suggestions. Mark
On Sunday, September 28, 2014 3:40:37 AM UTC-5, Igor Khomyakov wrote: > > Absolutely it fitted perfectly > > -- Best, Igor > 27 сент. 2014 г. 18:18 пользователь "Michael DeHaan" <[email protected] > <javascript:>> написал: > >> I'm a big fan of the "script" module when you need to push and run a tiny >> shell script. >> >> http://docs.ansible.com/script_module.html >> >> >> >> On Sat, Sep 27, 2014 at 3:04 AM, Igor Homyakov <[email protected] >> <javascript:>> wrote: >> >>> Hi Mark, >>> >>> I think this is not a good idea to use one liner such that. There are >>> many players except bash interpreter, yaml parser, python string >>> quotation and so forth. I would recommend you to you use a bash script >>> in this case >>> >>> I've made a simple role, it is based and code samples you provided I >>> hope you will find it useful >>> https://github.com/hostmaster/check_shellshock >>> >>> -- Best, Igor >>> >>> On Sat, Sep 27, 2014 at 6:02 AM, Mark Casey <[email protected] >>> <javascript:>> wrote: >>> > Oh... the official source of the commands was: >>> > https://access.redhat.com/articles/1200223, but someone was nice >>> enough to >>> > combine them in: >>> https://bugzilla.redhat.com/show_bug.cgi?id=1141597#c47 >>> > >>> > >>> > On Friday, September 26, 2014 9:00:57 PM UTC-5, Mark Casey wrote: >>> >> >>> >> I'm trying to write an Ansible task to check for both CVE-2014-6271 >>> and >>> >> CVE-2014-7169 as I haven't been able to find one pre-made. >>> >> >>> >> This command should check both but for the life of me I can't get the >>> >> escaped single quote past the parser... I've tried some variants of >>> "shell: >>> >> >" and "shell: |" but no dice. >>> >> >>> >> >>> >>> - name: Check for shellshock fix (checks for both CVE-2014-6271 and >>> >>> CVE-2014-7169) >>> >>> shell: cd /tmp && rm -f /tmp/echo && env 'x=() { :;}; echo >>> vulnerable' >>> >>> 'f=() { (a)=>\' bash -c 'echo echo vulnerable'; cat echo >>> >>> args: >>> >>> executable: /bin/bash >>> >>> sudo: no >>> >>> register: shellshock_result2 >>> >>> changed_when: False >>> >>> failed_when: "'vulnerable' in shellshock_result2.stderr" >>> >> >>> >> >>> >> This version gives: >>> >> >>> >>> ERROR: There was an error while parsing the task "shell cd /tmp && >>> rm -f >>> >>> /tmp/echo && env 'x=() { :;}; echo vulnerable' 'f=() { (a)=>\\' bash >>> -c >>> >>> 'echo echo vulnerable'; cat echo". >>> >>> Make sure quotes are matched or escaped properly >>> >> >>> >> >>> >> >>> >> I'm assuming the issue is that, if I understand correctly, the second >>> >> exploit partly depends on the mismatched quote arriving unharmed(?) >>> and YAML >>> >> thinks that is bad(?). >>> >> >>> >> Anyone have any ideas or should I just copy it over as a script and >>> run >>> >> that? >>> >> >>> >> Thank you, >>> >> Mark >>> > >>> > -- >>> > You received this message because you are subscribed to the Google >>> Groups >>> > "Ansible Project" group. >>> > To unsubscribe from this group and stop receiving emails from it, send >>> an >>> > email to [email protected] <javascript:>. >>> > To post to this group, send email to [email protected] >>> <javascript:>. >>> > To view this discussion on the web visit >>> > >>> https://groups.google.com/d/msgid/ansible-project/c40d456b-8d1b-40f4-b0a5-95ce4cebe359%40googlegroups.com >>> . >>> > >>> > For more options, visit https://groups.google.com/d/optout. >>> >>> -- >>> You received this message because you are subscribed to the Google >>> Groups "Ansible Project" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to [email protected] <javascript:>. >>> To post to this group, send email to [email protected] >>> <javascript:>. >>> To view this discussion on the web visit >>> https://groups.google.com/d/msgid/ansible-project/CAGuansqODOOhR_u84L%3DKwU1Voc30HXBVGD6BuDxAfkt5uwa%3D8Q%40mail.gmail.com >>> . >>> For more options, visit https://groups.google.com/d/optout. >>> >> >> -- >> You received this message because you are subscribed to the Google Groups >> "Ansible Project" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected] <javascript:>. >> To post to this group, send email to [email protected] >> <javascript:>. >> To view this discussion on the web visit >> https://groups.google.com/d/msgid/ansible-project/CA%2BnsWgxAE19OMPFCvWim%3DP5jv%2BFOjhEbrBpt3_Oo3vkr_P6XEw%40mail.gmail.com >> >> <https://groups.google.com/d/msgid/ansible-project/CA%2BnsWgxAE19OMPFCvWim%3DP5jv%2BFOjhEbrBpt3_Oo3vkr_P6XEw%40mail.gmail.com?utm_medium=email&utm_source=footer> >> . >> For more options, visit https://groups.google.com/d/optout. >> > -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/fcdc5f47-98f6-49c3-a57a-80e69b358176%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
