Issue #22064 has been updated by Rob Reynolds.

We don't want to not create the folder, as that could give a potential security 
issue as well. Facter only checks for the existence of a folder. Any user could 
create a folder that doesn't exist in that directory. Then they could drop 
whatever they wanted into the folder. So we would need to create the folder and 
lock it down. That would avoid any other potential security risks that might 
arise.

----------------------------------------
Bug #22064: Potential Local Escalation issue with Facts.d folder for executable 
facts on Windows
https://projects.puppetlabs.com/issues/22064#change-96030

* Author: Rob Reynolds
* Status: In Topic Branch Pending Review
* Priority: High
* Assignee: Rob Reynolds
* Category: 
* Target version: 1.7.3
* Keywords: windows
* Branch: https://github.com/puppetlabs/puppet_for_the_win/pull/49
* Affected Facter version: 
----------------------------------------
When we enable executable facts, we need to ensure the facts.d folder is locked 
down by the installer.
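
The "create the folder and lock it down" approach described in the comment above, as an added PowerShell example (not part of the original message and not the installer change in the linked pull request). The function names and the `$Path` parameter are hypothetical, and the chosen principals and rights (Administrators and SYSTEM full control, Users read and execute) are an assumption rather than something the issue specifies.

```powershell
# Added example. The facts.d location is a parameter because the issue does not state it.
function Protect-FactsDirectory {
    param([Parameter(Mandatory)][string]$Path)

    # Create the folder up front so an unprivileged user cannot create it first.
    if (-not (Test-Path -LiteralPath $Path -PathType Container)) {
        New-Item -ItemType Directory -Path $Path -Force | Out-Null
    }

    $acl = Get-Acl -LiteralPath $Path
    # Protect the DACL and discard entries inherited from the parent folder.
    $acl.SetAccessRuleProtection($true, $false)
    # Remove explicit entries already present (for example on a pre-created folder).
    $explicit = $acl.GetAccessRules($true, $false, [System.Security.Principal.SecurityIdentifier])
    foreach ($old in @($explicit)) { [void]$acl.RemoveAccessRuleSpecific($old) }
    # A folder's owner can rewrite its DACL, so take ownership away from any creator.
    $acl.SetOwner((New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-544'))

    # Well-known SIDs, so the script does not depend on localized account names.
    $grants = [ordered]@{
        'S-1-5-32-544' = 'FullControl'      # BUILTIN\Administrators
        'S-1-5-18'     = 'FullControl'      # NT AUTHORITY\SYSTEM
        'S-1-5-32-545' = 'ReadAndExecute'   # BUILTIN\Users (assumed read-only access)
    }
    foreach ($sid in $grants.Keys) {
        $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
            (New-Object System.Security.Principal.SecurityIdentifier $sid),
            [System.Security.AccessControl.FileSystemRights]$grants[$sid],
            [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit',
            [System.Security.AccessControl.PropagationFlags]::None,
            [System.Security.AccessControl.AccessControlType]::Allow)
        $acl.AddAccessRule($rule)
    }
    Set-Acl -LiteralPath $Path -AclObject $acl
}

# Returns SIDs, other than Administrators and SYSTEM, that hold write-type rights on $Path.
function Get-FactsDirectoryWriters {
    param([Parameter(Mandatory)][string]$Path)
    $trusted = 'S-1-5-32-544', 'S-1-5-18'
    $write = [System.Security.AccessControl.FileSystemRights]'Write, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
    (Get-Acl -LiteralPath $Path).GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier]) |
        Where-Object { $_.AccessControlType -eq 'Allow' -and
                       (($_.FileSystemRights -band $write) -ne 0) -and
                       $_.IdentityReference.Value -notin $trusted } |
        ForEach-Object { $_.IdentityReference.Value }
}
```

Both functions need an elevated session. If the folder already existed, review its contents separately, since locking down the ACL does not remove files placed there earlier.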

