Also, let me know how the following is less dangerous than passing
dictionaries to task:
In *vars.yml*:

    commands:
      - sudo rm -r /*
      - echo "There is nothing left on the server ! Let me steal your database credentials next"
      - cat /etc/creds.cnf

In a role:

    - name: Run arbitrary commands
      command: "{{ item }}"
      become: yes
      become_user: root
      with_items: "{{ commands }}"

If the attacker has access to your roles or group_vars you're screwed
anyway!
I don't think it's Ansible's responsibility to prevent this, and people should
be careful about what they do with Ansible anyway.
Removing a feature that everybody obviously wants is not a good idea ...
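
An added example, not part of the original message or of Ansible itself: a small Python check over already-parsed task dictionaries that flags the pattern in the role above, where a command-executing module takes its whole argument from a variable. The module set, the function names and the sample tasks are assumptions made for this illustration.

```python
import re

# Modules that hand their argument to the managed host for execution.
EXEC_MODULES = {"command", "shell", "raw", "script"}
# A string that is nothing but one Jinja2 expression, e.g. "{{ item }}".
WHOLE_TEMPLATE = re.compile(r"^\s*\{\{\s*([^{}]+?)\s*\}\}\s*$")


def _template_expr(value):
    """Return the inner expression if value is a single whole-string template."""
    m = WHOLE_TEMPLATE.match(value) if isinstance(value, str) else None
    return m.group(1) if m else None


def audit_task(task):
    """Return a finding if the task runs a command taken wholly from a variable."""
    for module in sorted(task.keys() & EXEC_MODULES):
        arg = task[module]
        if isinstance(arg, dict):  # command: {cmd: ...} form
            arg = arg.get("cmd")
        expr = _template_expr(arg)
        if expr is None:
            continue
        source = expr
        if expr == "item":  # follow the loop back to the variable feeding it
            for key in ("with_items", "loop"):
                source = _template_expr(task.get(key)) or source
        return {"task": task.get("name", "<unnamed>"), "module": module,
                "source": source, "privileged": bool(task.get("become"))}
    return None


def audit(tasks):
    """Audit a list of parsed task dictionaries and return all findings."""
    return [f for f in map(audit_task, tasks) if f]


# Constructed sample: the role from the message plus one fixed-command task.
SAMPLE_TASKS = [
    {"name": "Run arbitrary commands", "command": "{{ item }}",
     "become": True, "become_user": "root", "with_items": "{{ commands }}"},
    {"name": "Restart nginx", "command": "systemctl restart nginx", "become": True},
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_TASKS):
        print(finding)
```

A finding names the variable that feeds the command (`commands` here), which is the file whose write access and review history decide what runs as root.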