periodic error when retrieving binary files from warewulf database #531
Comments
|
Yes... the '%{' can sometimes get matched. We've considered putting in a
'type' on files, so say something like:
wwsh file set myBin --type=binary
And then adding extra handling in file.pl for checking the type before it
attempts substitution.
But that's all still floating around as an idea ATM.
…-J
On Mon, Aug 28, 2017 at 1:12 PM, crbaird ***@***.***> wrote:
When cgi-bin/file.pl attempts dynamic variable replacement on files
stored in the database, binary files will occasionally match the
substitution string, resulting in a garbage file being served. We saw this
periodically when provisioning munge keys to compute nodes.
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub
<#531>, or mute the thread
<https://github.com/notifications/unsubscribe-auth/AA5zostr-OItW295ygfEVESsl0qwGyf5ks5scwL6gaJpZM4PE3jO>
.
|
crbaird
added a commit
that referenced
this issue
Aug 28, 2017
|
Thanks, @jmstover. How offensive is adding a 'binary' format to the file object? |
|
It's mostly adding another attribute to the file objects (File.pm), and
handlers in Module/Cli/File.pm. Then the corresponding code to pull the
$fileObj->type() (or whatever), and do the "right thing" in file.pl.
Not awful... I've added this in:
warewulf/warewulf3#68
…-J
On Mon, Aug 28, 2017 at 2:28 PM, crbaird ***@***.***> wrote:
Thanks, @jmstover <https://github.com/jmstover>. How offensive is adding
a 'binary' format to the file object?
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#531 (comment)>, or mute
the thread
<https://github.com/notifications/unsubscribe-auth/AA5zohcAwiyNizbXUWYaxSuUM-FFXHLlks5scxTEgaJpZM4PE3jO>
.
|
|
@crbaird Just an FYI, provisioning a munge key (or any secret credential) via Warewulf's files mechanism is insecure. It's trivial for anyone on the same network as the Warewulf server to fetch any file without authentication, and we're not using TLS. |
|
Temporary fix will hold until feature becomes available in upstream |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
When cgi-bin/file.pl attempts dynamic variable replacement on files stored in the database, binary files will occasionally match the substitution string, resulting in a garbage file being served. We saw this periodically when provisioning munge keys to compute nodes.
The text was updated successfully, but these errors were encountered: