Hi Jaska,

On Fri, Feb 15, 2013 at 12:13 PM, Jaska Kivelä <jkiv...@gmail.com> wrote:
> Hello.
>
> We are a bit concerned about the way Puppet runs the ERB templates. It is
> hard coded that they be run on $SAFE level 0.
> This means that whatever Ruby code someone decides to write in a template
> will be run with the full privileges of the
> puppet server user on the puppet server. We would like to grant access to
> our customers to write their own modules,
> but this fact makes it impossible. Would it be possible to have the safe
> level configurable?
>

You would need to control much more than just the ERB templates, there are also custom functions and types which are loaded from modules. Even once you do that, the safe mode itself would not protect the server from malicious or naive code such as looping forever or consuming memory.

Can you explain a bit about the setup and workflow that you envision for allowing customers to write modules and run them on a master? From the way you are asking the question, I assume that you would not have a master per customer, but instead a single master that would have an environment per customer. Is that right?

Could you explain a bit about how you see this being used, how customers would get their code in (would there be a review process, or would it be implicitly trusted), what kinds of resources on the master should be available to the customer (e.g. each customer's modules have access to a portion of the filesystem for some operations), would there be different "trust" levels of code running for the same customer (e.g. code you write has full access, but code the customer writes has limited access)?

As Luke said, this is a hard change to make. We've also been thinking about using JRuby on the master, which AFAIK doesn't support $SAFE, but does have the JVM security mechanisms available.

> Thank you,
>
> -jk
>
> --
> Nam in omnibus fere minus valent praecepta quam experimenta.
> -Quintilian
>
> Jaska Kivelä | Cybercom Finland | gsm 040 576 2988
> j...@cybercom.com | Pakkahuoneenaukio 2 A | fax 010 665 3060
> specialist | PL 13, 33201 TAMPERE | OCP - RHCE - JNCIA
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Developers" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to puppet-dev+unsubscr...@googlegroups.com.
> To post to this group, send email to puppet-dev@googlegroups.com.
> Visit this group at http://groups.google.com/group/puppet-dev?hl=en.
> For more options, visit https://groups.google.com/groups/opt_out.
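
Added example, not part of the original thread and not Puppet's code: a Ruby sketch of the concern discussed above, that Ruby inside an ERB template runs with the rendering process's privileges, together with a lexer-based aid for the review step the reply asks about. `DemoScope`, `flagged_tokens`, the template and `DEMO_SECRET` are constructed for illustration.

```ruby
require 'erb'
require 'ripper'

# Constructed template: one ordinary variable lookup, plus Ruby that reaches
# process state the template author was never explicitly given.
TEMPLATE = <<~'TPL'
  ServerName <%= @fqdn %>
  # rendered by uid <%= Process.uid %>, secret=<%= ENV['DEMO_SECRET'] %>
TPL

# Hypothetical stand-in for the object whose binding a template is evaluated in.
class DemoScope
  def initialize(fqdn)
    @fqdn = fqdn
  end

  # ERB compiles the template to Ruby and evaluates it in this process.
  def render(template)
    ERB.new(template).result(binding)
  end
end

FLAGGED_TYPES = %i[on_const on_ident on_gvar on_backtick].freeze

# Review aid, not a sandbox: lex the Ruby inside <% %> tags and return every
# constant, identifier, global or backtick that is not on the allowlist.
# Instance variables such as @fqdn are not reported.
def flagged_tokens(template, allowed = [])
  tags = template.scan(/<%(?!%|#)[=-]?(.*?)-?%>/m).flatten
  tokens = tags.flat_map do |code|
    Ripper.lex(code).select { |tok| FLAGGED_TYPES.include?(tok[1]) }.map { |tok| tok[2] }
  end
  tokens.uniq - allowed
end

if __FILE__ == $PROGRAM_NAME
  ENV['DEMO_SECRET'] ||= 'constructed-demo-value'
  puts DemoScope.new('www.example.test').render(TEMPLATE)
  puts "needs review: #{flagged_tokens(TEMPLATE).inspect}"
end
```

The lexer check only supports a human review of templates; it does not cover custom functions or types loaded from modules, and it does nothing about code that loops forever or consumes memory.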