Displaying 1 result from an estimated 1 matches for "some_fact".
Did you mean:
home_fact
2013 Jan 22
6
Security considerations for basing decisions on facts
Hello,
Let''s consider the scenario when a client node in a puppet environment
gets compromised.
In case some of the puppet modules make decisions based on agent facts,
these modules are potentially exposed to abuse from the malicious puppet
agent.
For example, if a class has:
if $some_fact == ''some value'' {
# deploy some configuration
}
then the compromised node could send falsified value of that fact to
obtain configuration that potentially contains secrets (private keys,
passwords, etc) that was meant only for other nodes.
AFAIK, the only authenticated piece of...