ansible-collection-hardening icon indicating copy to clipboard operation
ansible-collection-hardening copied to clipboard

Published 20 hours ago verified publisher icon dev-sec

os_hardening: /tmp privs erroneously apply as 03361

Open shaunsmiley-xevo opened this issue 1 year ago • 1 comments

Description

It appears that 1777 is interpreted as decimal, and gets converted to 03361 octal. The workaround is to override these default vars to '01777'.

Reproduction steps

Run the role with defaults.

Current Behavior

TASK [devsec.hardening.os_hardening : Harden permissions for directory of mount /tmp] ***********************************************************************
--- before
+++ after
@@ -1,2 +1,2 @@
-mode: '01777'
+mode: '03361'
 path: /tmp

Expected Behavior

It should keep the 1777 default setting.

OS / Environment

Provide all relevant information below, e.g. target OS versions, network device firmware, etc.

Ansible Version

ansible [core 2.15.9]
...
  python version = 3.11.8 (main, Feb  6 2024, 21:21:21) [GCC 12.3.0]
  jinja version = 3.1.3
  libyaml = True



### Collection Version

```Shell
9.0.1

Additional information

No response

shaunsmiley-xevo avatar Oct 08 '24 23:10 shaunsmiley-xevo