Skip to content
Browse files

set trustkey=false in default failsafe policy to avoid spoofing attacks

  • Loading branch information...
1 parent 5d9cca1 commit 04d1fd94538cc5b2ea0ad346a99a0c9b1d40312a @estenberg estenberg committed Apr 4, 2012
Showing with 3 additions and 1 deletion.
  1. +2 −0 ChangeLog
  2. +1 −1 masterfiles/failsafe.cf
View
2 ChangeLog
@@ -67,6 +67,8 @@
privileges anymore.
- cf_promises_validated now filled with timestamp, allows digest-copy
for policy instead of mtime copy which is safer when clocks are unsynchronised
+ - The bundled failsafe.cf policy now has trustkey=false to avoid IP spoofing
+ attacks in default policy
- See the full list of bugfixes at
https://cfengine.com/bugtracker/changelog_page.php
View
2 masterfiles/failsafe.cf
@@ -191,7 +191,7 @@ body copy_from u_rcp(from,server)
{
source => "$(from)";
compare => "digest";
- trustkey => "true";
+ trustkey => "false";
!am_policy_hub::

0 comments on commit 04d1fd9

Please sign in to comment.
Something went wrong with that request. Please try again.