#1154: Allow signed manifests to eliminate single point of compromise
-------------------------+--------------------------------------------------
Reporter: jgoldschrafe | Owner: community
Type: enhancement | Status: new
Priority: normal | Component: library
Version: | Severity: normal
Keywords: | Stage: Unreviewed
Patch: None | Complexity: Unknown
-------------------------+--------------------------------------------------
Puppet, like all configuration management systems, suffers from the
possibility of being a single point of compromise, allowing arbitrary
instructions to be run on all hosts accessing the Puppetmaster if a
malicious manifest is crafted. Since the goal of Puppet more or less
necessitates Puppet running as root on client systems, the amount of
damage capable of being inflicted on client nodes is virtually limitless,
and some optional extra precautions should be provided in order to limit
the damage capable of being caused by a single rooted Puppetmaster.
Signed manifests appear to be the easiest and most intuitive way to
accomplish this. Like GPG-signed packages, they ensure that Puppet
manifests have come from an authenticated source. By verifying the
signature on manifests coming from the server, clients may verify that
packages have been approved by the organization owning the Puppet server.
--
Ticket URL: <http://reductivelabs.com/trac/puppet/ticket/1154>
puppet <http://reductivelabs.com>
Puppet - Portable System Automation
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Puppet Bugs" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/puppet-bugs?hl=en
-~----------~----~----~----~------~----~------~--~---
