Hello,
I am trying to better understand the security impact a compromised host
managed by puppet could have on our infrastructure.
Suppose an attacker gained root on a machine called 'owned', and we have
this in site.pp:
node owned {
file {'foo':
content => 'puppet:///modules/module_name/foo',
}
}
Will agent running on 'owned' be able to retrieve:
- <modulepath>/module_name/files/bar
- <modulepath>/module_name/manifests
- hiera data (other than what it's supposed to have access to)
Thanks very much,
Vlad
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.
