Sorry for the late response.
I think any security concerns are related to the case where the temporary filename that is going to be used would already exist on the target (like Nico's example of creating a…
Are there any changes you want me to make or test for this pull request? Assuming it is acceptable security wise?
Regards,
Mark
Hi Nico,
Let's say we
__file /some/dir/foo
and a user has write access to /some/dir and the user can run ps
on the target system. Thus the user (=attacker) knows our suffix by…
Hi Steven,
True. But in this case there's just no other way. The only alternative would be to execute code in gencode-* instead of code-* which would be even worse.
Completely agree,…
Hi Steven,
Why unclean? Something like this would be pretty ok I think:
Because gencode-local now generates code that runs commands on the target, which should be done by gencode-remote.
…
Hi Steven,
We could of course check ourselves if the assumed upload destination already exists and error out before uploading. Then I'd say we're about as safe (or unsafe) as we were…
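The attack sketched in the ps message above, the "error out if it already exists" pre-check proposed here, and the mktemp-on-the-destination alternative mentioned later in the thread, worked through in a small shell script. This is an added example, not cdist's own code or the pull request under discussion: the temporary name `.cdist-tmp-1234`, the `safe_upload` and `refuse_if_present` helpers and all paths are made up, and everything runs inside a scratch directory created with `mktemp -d`.

```shell
#!/bin/sh
# Added example (not cdist's own code): predictable temp filename problem,
# the "error out if it already exists" pre-check, and a mktemp-based upload.
# All names and paths are hypothetical; every demo works in its own mktemp -d.

# Pre-check: refuse to proceed if anything already occupies the temporary
# path. Tests -L as well as -e, because -e follows symlinks and reports
# "absent" for a dangling one, which is exactly what an attacker would plant.
refuse_if_present() {
    if [ -e "$1" ] || [ -L "$1" ]; then
        echo "refusing: $1 already exists" >&2
        return 1
    fi
    return 0
}

# Upload via mktemp in the destination directory: the file is created with
# O_EXCL under a name the attacker cannot predict, so there is no window
# between "check" and "create" in which a symlink can be planted.
safe_upload() {
    dest=$1
    content=$2
    tmp=$(mktemp "$(dirname "$dest")/.cdist-upload.XXXXXX") || return 1
    if ! printf '%s\n' "$content" > "$tmp"; then
        rm -f "$tmp"
        return 1
    fi
    mv -f "$tmp" "$dest"
}

# Demo 1: naive write to a known temp name. Returns 0 when the planted
# symlink made the write land in the victim file, i.e. the attack worked.
demo_predictable_name_attack() {
    dir=$(mktemp -d) || return 2
    victim=$dir/victim
    printf 'original\n' > "$victim"
    tmp=$dir/.cdist-tmp-1234            # hypothetical name, visible via ps
    ln -s "$victim" "$tmp"              # attacker gets there first
    printf 'payload\n' > "$tmp"         # naive code writes through the symlink
    rc=1
    [ "$(cat "$victim")" = payload ] && rc=0
    rm -rf "$dir"
    return $rc
}

# Demo 2: the pre-check catches a planted, even dangling, symlink.
# Returns 0 when refuse_if_present rejects the path.
demo_precheck_blocks_attack() {
    dir=$(mktemp -d) || return 2
    tmp=$dir/.cdist-tmp-1234
    ln -s "$dir/does-not-exist" "$tmp"
    rc=1
    refuse_if_present "$tmp" 2>/dev/null || rc=0
    rm -rf "$dir"
    return $rc
}

# Demo 3: the mktemp-based upload lands the content at dest and leaves no
# temporary file behind. Returns 0 on success.
demo_mktemp_upload() {
    dir=$(mktemp -d) || return 2
    dest=$dir/foo
    if ! safe_upload "$dest" "hello"; then
        rm -rf "$dir"
        return 1
    fi
    rc=1
    if [ "$(cat "$dest")" = hello ] && [ "$(ls -A "$dir")" = foo ]; then
        rc=0
    fi
    rm -rf "$dir"
    return $rc
}

if [ "${1:-}" = run ]; then
    demo_predictable_name_attack && echo "naive write: victim overwritten"
    demo_precheck_blocks_attack  && echo "pre-check: planted symlink rejected"
    demo_mktemp_upload           && echo "mktemp upload: ok, no leftovers"
fi
```

Run it as `sh example.sh run`. The pre-check still leaves a window between the test and the write, which is why the thread's mktemp variant is the stronger of the two; the check is only as good as the assumption that nobody races it.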
Hi Steven,
Tried the changes with __cdist_object_marker, and that seems to work fine! I guess it is a bit less secure than running mktemp on the destination as this way you assume there is no…
Hi Nico,
That sounds like a good solution. Would make for a nice fix for this problem, and also the possibility to clean up the __file type, moving the mv from gencode-local to gencode-remote. …
Hi Nico,
Did a quick test, but when executing the output from gencode-remote I get:
code-remote:stderr
------------------
cat: /var/lib/cdist/object/__file/usr/local/bin/geofilter/.cdi…
Hi Nico,
Writing the filename to some place that is also accessible for the remote side would be a great way out of this!
But from what I understood of the documentation is that the code…
Hi Nico,
As far as I know I don't have any specific changes active regarding the use of control sockets on the cdist server. I will look into that to see if there is something wrong there,…
Hi Nico,
No problem, I'll describe the case in more detail. I ran into this issue recently when deploying a filter script which is used to geoblock ssh sessions through hosts.allow.
For…