On 5/7/25 11:15, Fabian Grünbichler wrote:
> On May 6, 2025 3:52 pm, Fiona Ebner wrote:
>> On 17.02.25 at 13:19, Daniel Kral wrote:
>>> Relax the required permissions to query the list of ACME plugins and
>>> their configurations. Both API endpoints do only read the ACME plugins
>>> configuration file but do not modify any system state.
>>
>> Can't there be secrets in there that should not leak? I.e. the plugin
>> config file is in /etc/pve/priv, so I'm not sure this should be relaxed.
>> Even if it doesn't modify the state, it might be too sensitive for
>> Sys.Audit.
>
> we could maybe do what we do in other index API calls, and restrict the
> returned information in case Sys.Modify is missing? this would basically
> entail stripping the 'data' option for DNS plugins (which might contain
> credentials), everything else should not be sensitive AFAICT..
>
> OTOH, I am not sure there's much benefit to it either ;)
> the ACME API parts which are still root only are probably more
> interesting cleanup targets!

I agree, there's not much benefit to lower that here and would just
complicate what is exposed to the API without a user requesting this.
Let's drop this patch then :)
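
The redaction suggested in the thread (dropping the 'data' option of DNS plugins for callers without Sys.Modify), as an added Perl example that is not part of the thread and not Proxmox VE code. The helper name `redact_plugins`, the `$can_modify` flag and the sample plugin entries are assumptions made for illustration.

```perl
use strict;
use warnings;

# Hypothetical helper, not Proxmox VE code: returns a copy of the plugin
# list that can be handed to a caller who lacks Sys.Modify.
sub redact_plugins {
    my ($plugins, $can_modify) = @_;

    my @out;
    for my $plugin (@$plugins) {
        # Shallow copy, so the configuration held by the caller is not altered.
        my %copy = %$plugin;

        # The 'data' option of a DNS plugin may hold provider credentials.
        if (!$can_modify && ($copy{type} // '') eq 'dns') {
            delete $copy{data};
        }
        push @out, \%copy;
    }
    return \@out;
}

# Constructed sample entries; the field values are placeholders.
my $plugins = [
    { plugin => 'standalone', type => 'standalone' },
    {
        plugin => 'example-dns',
        type   => 'dns',
        api    => 'example',
        data   => 'EXAMPLE_TOKEN=placeholder',
    },
];

# Show the same list as seen with and without the modify privilege.
for my $case (['without Sys.Modify', 0], ['with Sys.Modify', 1]) {
    my ($label, $can_modify) = @$case;
    print "$label:\n";
    for my $p (@{ redact_plugins($plugins, $can_modify) }) {
        print "  ", join(', ', map { "$_=$p->{$_}" } sort keys %$p), "\n";
    }
}
```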