On Tue, Aug 27, 2013 at 2:41 PM, jcbollinger <[email protected]> wrote: > The client can provide a $::hostname fact that is different from the > certname it presents, but that is perfectly valid and expected under some > circumstances. It is possible that a client doing so is thereby able to > exploit weaknesses in (user-provided) manifest files required anyway for its > catalog, thereby extracting information to which it is not intended to have > access, but that is possible to some degree or another with any fact. It > does not constitute a flaw in Puppet itself, but rather in the manifests in > question.
That's roughly what I recall. So, in less words: from a security perspective, do not count on Puppet only serving the right config for the host. It is a very flimsy security boundary. cheers, m -- [email protected] - ask interesting questions - don't get distracted with shiny stuff - working code first ~ http://docs.moodle.org/en/User:Martin_Langhoff -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out.
