On May 6, 2025 3:52 pm, Fiona Ebner wrote:
> On 17.02.25 at 13:19, Daniel Kral wrote:
>> Relax the required permissions to query the list of ACME plugins and
>> their configurations. Both API endpoints do only read the ACME plugins
>> configuration file but do not modify any system state.
> 
> Can't there be secrets in there that should not leak? I.e. the plugin
> config file is in /etc/pve/priv, so I'm not sure this should be relaxed.
> Even if it doesn't modify the state, it might be too sensitive for
> Sys.Audit.

we could maybe do what we do in other index API calls, and restrict the
returned information in case Sys.Modify is missing? this would basically
entail stripping the 'data' option for DNS plugins (which might contain
credentials), everything else should not be sensitive AFAICT..

OTOH, I am not sure there's much benefit to it either ;)

the ACME API parts which are still root only are probably more
interesting cleanup targets!


_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
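
The approach suggested in the reply above (drop the 'data' option of DNS plugins from the index when the caller lacks Sys.Modify), as an added example that is not part of the original mail and is not Proxmox code. It is a Python sketch; the entry fields, the sample values and the function names are assumptions made for illustration.

```python
import copy

# Per the thread, only the 'data' option of DNS plugins may carry credentials.
SENSITIVE_DNS_KEYS = ("data",)

# Constructed sample entries; not taken from any real plugin configuration.
PLUGINS = [
    {"plugin": "standalone", "type": "standalone"},
    {"plugin": "example-dns", "type": "dns", "api": "example",
     "data": "CONSTRUCTED-PLACEHOLDER"},
]


def redact_plugin(entry, privs):
    """Return a copy of one plugin entry that is safe for the caller to see."""
    out = copy.deepcopy(entry)  # never mutate the stored configuration
    if "Sys.Modify" in privs:
        return out  # callers allowed to modify see the full entry
    if out.get("type") == "dns":
        for key in SENSITIVE_DNS_KEYS:
            out.pop(key, None)
    return out


def plugin_index(plugins, privs):
    """List plugins; audit-only callers get entries without credentials."""
    if not {"Sys.Audit", "Sys.Modify"} & set(privs):
        raise PermissionError("Sys.Audit or Sys.Modify required")
    return [redact_plugin(p, privs) for p in plugins]


if __name__ == "__main__":
    for privs in ({"Sys.Audit"}, {"Sys.Modify"}):
        print(sorted(privs), plugin_index(PLUGINS, privs))
```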
