Forum: CFEngine Help
Subject: extraneous key storage
Author: werkt
Link to topic: https://cfengine.com/forum/read.php?3,24658,24658#msg-24658

I've noticed that some extraneous public keys have started appearing in my cf clients after an upgrade to 3.2.3 from 3.0. One is hazardous to a non-root client, the other seems benign but non-useful.

Benign: The final SavePublicKey section in AuthenticateAgent in a cf-agent client writes a key whose filename, based on digest, does not match a public key used earlier to establish a connection between the server and client - this was verified through strace, where the file is only created if it does not exist and never opened for read. This key recreates itself on every connection to the server.

Hazardous: The LinkOrCopy of localhost.pub to a root-identified public key creates a key which will match an assumed root connection on the same host, resulting in the overwrite of the pubkey with the root pubkey, and since the key is the same inode as the localhost.pub (in my case at least), will destroy the RSA pubkey for future handshaking. I have modified this code to use username, and have also modified ServerConnection to use root as the remote instead of using the current user.

Have patch, will travel. I know using cfengine as non-root is not a high priority, but this seems to be precarious at best.
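
The shared-inode hazard described in the post above, as an added example that is not part of the original post or of CFEngine's code: it audits a key directory for names that resolve to the same file as localhost.pub, and contrasts an in-place overwrite with a write-then-rename replacement. The function names, the `root-PLACEHOLDER_DIGEST.pub` file name and the key contents are constructed for illustration.

```python
import os
import tempfile

def find_key_aliases(ppkeys_dir, primary="localhost.pub"):
    """Names in ppkeys_dir that are hard links or symlinks to the primary key."""
    primary_path = os.path.join(ppkeys_dir, primary)
    aliases = []
    for name in sorted(os.listdir(ppkeys_dir)):
        path = os.path.join(ppkeys_dir, name)
        try:
            if name != primary and os.path.samefile(path, primary_path):
                aliases.append(name)
        except OSError:
            continue  # dangling symlink or unreadable entry
    return aliases

def overwrite_in_place(path, data):
    # Truncating write through an existing name: every link sees the new bytes.
    with open(path, "wb") as f:
        f.write(data)

def replace_atomically(path, data):
    # Write a temp file in the same directory, then rename it over the name.
    # The name now refers to a new inode; other links keep the old content.
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(path))
    with os.fdopen(fd, "wb") as f:
        f.write(data)
    os.replace(tmp, path)

def demo():
    """Run both write strategies against a constructed key directory."""
    result = {}
    for label, writer in (("in_place", overwrite_in_place),
                          ("atomic", replace_atomically)):
        with tempfile.TemporaryDirectory() as d:
            local = os.path.join(d, "localhost.pub")
            alias = os.path.join(d, "root-PLACEHOLDER_DIGEST.pub")  # constructed
            with open(local, "wb") as f:
                f.write(b"CLIENT-KEY")  # constructed stand-in for the client key
            os.link(local, alias)       # same inode, as the post reports
            result["aliases_before_" + label] = find_key_aliases(d)
            writer(alias, b"ROOT-KEY")  # stand-in for saving the root key
            with open(local, "rb") as f:
                result["local_after_" + label] = f.read()
            result["aliases_after_" + label] = find_key_aliases(d)
    return result

if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

Running `find_key_aliases` against a real key directory gives a quick check for whether any stored peer key currently shares storage with localhost.pub.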