Feature #1489

More security with remote filebuckets

Added by Lawrence Ludwig almost 4 years ago. Updated about 1 month ago.

Status: Accepted
Start date: 08/03/2008
Priority: Low
Due date:
Assignee: -
% Done: 0%
Category: fileserving
Target version: 3.X
Affected Puppet version: 0.24.4
Branch:
Keywords: filebucket
Votes: 0

Description

Right now the remote filebucket is too limiting. The biggest issue is security with files uploaded to puppetmaster’s filebucket. In our case different clients have access to different VPS instances. They should not be able to see or get info from the puppetmaster.

If using the filebucket setup and storing files, another server/VPS could gain access to those stored files. Meaning the stored files are not tied to the server so that only that server can retrieve them from the filebucket.

i.e.

node00 stores a file on the puppetmaster

  $ filebucket backup /etc/passwd --server=puppet
  /etc/passwd: 429b225650b912a2ee067b0a4cf1e949

node01 can retrieve the file if it knows the md checksum.

  $ filebucket restore /tmp/passwd 429b225650b912a2ee067b0a4cf1e949 --server=puppet

Granted, guessing the md checksum is pretty hard, but I’m assuming they can get that info from a log file.

This is BAD and the file retrieved could have sensitive information. I propose the filebucket also stores the node the files came from and a possible option to allow selected clients to retrieve info not matching their cert.
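
The proposal above, sketched as an added Ruby example that is not part of the original report and is not Puppet's code: `OpenBucket` models retrieval by checksum alone, `NodeBoundBucket` records the storing node and checks the requester's certificate name. The class names and the `readers` list are hypothetical.

```ruby
require 'digest/md5'
require 'set'

# Hypothetical model, not Puppet code: files are keyed by MD5 checksum only,
# which is the behaviour the report describes.
class OpenBucket
  def initialize
    @files = {}
  end

  def backup(_node, content)
    sum = Digest::MD5.hexdigest(content)
    @files[sum] = content
    sum
  end

  # Any caller that knows the checksum gets the content back.
  def restore(_node, sum)
    @files.fetch(sum)
  end
end

# Proposed behaviour: remember which nodes stored each checksum and check the
# requester's certificate name on restore. `readers` is the assumed opt-in list
# of extra clients allowed to read files that are not their own.
class NodeBoundBucket < OpenBucket
  class Denied < StandardError; end

  def initialize(readers = [])
    super()
    @owners = Hash.new { |h, k| h[k] = Set.new }
    @readers = Set.new(readers)
  end

  def backup(node, content)
    sum = super
    @owners[sum] << node
    sum
  end

  def restore(node, sum)
    # Unknown checksums and other nodes' checksums fail the same way, so a
    # denied request does not confirm that the file exists.
    ok = @owners.key?(sum) && (@owners[sum].include?(node) || @readers.include?(node))
    raise Denied, "#{node} may not restore #{sum}" unless ok
    super
  end
end
```

With `NodeBoundBucket.new(['puppet'])`, a file backed up as `node00` restores for `node00` and `puppet`, while the same checksum requested as `node01` raises `Denied`.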


Related issues

related to Puppet - Feature #1091: filebucket should store hostname Accepted
related to Puppet - Feature #1049: Create interface for navigating filebucket Accepted

History

Updated by James Turnbull almost 4 years ago

  • Category set to fileserving
  • Status changed from Unreviewed to Accepted
  • Target version set to 0.25.0
  • Keywords set to filebucket

Updated by James Turnbull almost 4 years ago

  • Priority changed from Normal to Low

See notes for #1091 and #1049.

Updated by Luke Kanies over 3 years ago

  • Target version changed from 0.25.0 to 2.6.0

Bump.

Updated by James Turnbull over 2 years ago

  • Target version changed from 2.6.0 to 2.7.x

Updated by Nigel Kersten about 1 year ago

  • Target version changed from 2.7.x to 3.X

Updated by Ken Barber about 1 month ago

So a workaround for this issue could be to modify your auth.conf to allow writes from all agents, but only reads from the master & dashboard nodes. I tested the following auth.conf snippet on my own hosts and it seems to work, but I’d love verification.

Obviously this is just a partial snippet, so don’t just replace your auth.conf with these contents; instead include them in the correct place – before /file :–).

  # ... snip ...

  # Allow everyone to save their file buckets
  path /file_bucket_file
  method save
  allow *

  # Allow dashboard & puppetmaster access
  path /file_bucket_file
  method find, search
  allow dashboard,puppet

  # Stop everyone else from restoring files
  path /file_bucket_file
  method find, search
  auth any

  # This _must_ follow the file_bucket_file entries above

  # unconditionally allow access to all files services
  # which means in practice that fileserver.conf will
  # still be used
  path /file
  allow *

  # ... snip ...
