On Sat, Mar 28, 2020 at 7:31 AM Henrik Lindberg <henrik.lindb...@puppet.com> wrote:
> On 2020-03-28 02:42, Matt Zagrabelny wrote: > > Greetings, > > > > Suppose I have a class foo that host A gets via its catalog. Suppose > > host B does not have foo in its catalog. Can host B do anything > > malicious to obtain the sensitive data in foo? > > > > My puppet master is using an ENC to generate the classification of each > > host and then a roles + profiles design pattern and hiera for specific > data. > > > > Thanks for any hints or answers! > > > > It is important that your server side logic uses $trusted when > classifying on node since other facts cannot be trusted. > > If B is compromised a malicious user could spoof facts in a request and > pretend to be A. It cannot however spoof the certificate - and it > contains the information that is in $trusted. > > Hey Henrik, Thanks for the reply! Suppose I don't use any facts for classification, but only the ENC assigns a role to the node via its fqdn. Class foo which comes through the role and profiles via the ENC has sensitive files in its "modules/foo/files/" path. Can B obtain those files if B is not classified to have foo in its catalog? Thank you for the help! -m -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CAOLfK3VJytS_F%2Ban0dr-ya4Vf4GuhAxAYDS%2BbkudM8L6YzmuWw%40mail.gmail.com.
