Pillar leakage risk and desync issue #14

Closed
opened 2022-09-08 16:32:01 -05:00 by ejparker · 1 comment
Owner

Similar to #13, the reliance on grains for determining roles creates a leakage risk if an attacker gains access to a minion and is able to modify the grains file. For pillars, the data at risk (currently) isn't anything that needs to be secured, so the threat is very low at the moment.

The bigger problem is that relying on pillar data for roles in state files but grain data for roles in pillars creates desync issues, which can/will cause problems when deploying new servers. Unfortunately, since pillar files can't directly reference pillar data (for obvious reasons), an alternative means of pulling in role data from pillar files is needed.

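An audit sketch for the risk described in this issue, added here as an example and not taken from the repository: it scans pillar files for places where grain data, which the minion itself reports, decides what pillar data is rendered. The file names, the `roles` grain and the sample contents are constructed assumptions.

```python
import re

# Places where minion-reported grain data can select pillar content.
# Checked in order; the first matching pattern is reported for a line.
GRAIN_PATTERNS = [
    ("grains execution call", re.compile(r"salt\s*\[\s*['\"]grains\.\w+['\"]\s*\]")),
    ("top-file grain matcher", re.compile(r"-\s*match:\s*grain(_pcre)?\b")),
    ("compound grain matcher", re.compile(r"(?<![\w@])[GP]@")),
    ("Jinja grains lookup", re.compile(r"\bgrains\s*(\[|\.)")),
]

def audit_pillar(files):
    """files maps path -> file text. Returns a list of (path, line number, reason)."""
    findings = []
    for path, text in files.items():
        for lineno, line in enumerate(text.splitlines(), 1):
            if line.lstrip().startswith("#"):  # skip YAML comment lines
                continue
            for reason, pattern in GRAIN_PATTERNS:
                if pattern.search(line):
                    findings.append((path, lineno, reason))
                    break
    return findings

# Constructed sample pillar tree (not from the repository).
SAMPLE = {
    "pillar/top.sls": (
        "base:\n"
        "  'roles:web':\n"
        "    - match: grain\n"
        "    - web\n"
        "  'db1.example.com':\n"
        "    - db\n"
    ),
    "pillar/web.sls": (
        "{% if 'web' in grains.get('roles', []) %}\n"
        "tls_key_path: /etc/ssl/private/web.key\n"
        "{% endif %}\n"
    ),
    "pillar/db.sls": "db_port: 5432\n",
}

if __name__ == "__main__":
    for path, lineno, reason in audit_pillar(SAMPLE):
        print(f"{path}:{lineno}: {reason}")
```

Each finding marks a line where a modified grains file on a minion could change which pillar data that minion receives.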
Author
Owner

fixed with 256d75bc6b

Reference: actcur/salt#14