cmd.run is available to the pillar renderer - a potential security vulnerability #40586
Comments
While I think this is a legitimate concern I can also argue that pillar content should only come from a trusted source.
Thanks @thatch45 I would like to see an option that would limit the pillar renderer to a white-list of modules. For example we only ever use
Yes, I think this would be wise
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions. If this issue is closed prematurely, please leave a comment and we will gladly reopen the issue.
Still important to fix.
Thank you for updating this issue. It is no longer marked as stale.
While the source might be trusted in terms of managing the infrastructure targeted by those Pillars, it might not be trusted at all to have access to the Master.
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions. If this issue is closed prematurely, please leave a comment and we will gladly reopen the issue.
Still important. I do not see any documentation limiting pillar rendering. This should be fixed or Salt should declare pillar authoring privilege to be the same as master privilege. If the latter is chosen it should be clearly documented.
Description of Issue/Question
cmd.run is available to the pillar renderer. This essentially gives anybody with access to author a pillar the ability to run any command on the salt-master.
Steps to Reproduce Issue
pillar
Versions Report
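One way to implement the module allow-list suggested in the comments, as an added example that is not Salt's own code: a lint for CI or pre-commit that scans pillar SLS sources for execution-module calls in the Jinja renderer's `salt['mod.fun'](...)` and `salt.mod.fun(...)` forms and reports any module outside an assumed allow-list, so pillar authors cannot silently gain master-side command execution. The allow-list and the sample pillar are constructed for this example.

```python
"""Lint pillar SLS files for execution-module calls outside an allow-list.

Added example, not part of the Salt project. It assumes the Jinja renderer's
usual call forms salt['mod.fun'](...) / salt["mod.fun"](...) / salt.mod.fun(...).
"""
import re
import sys

# Hypothetical allow-list for this example: modules a pillar is expected to
# call. Everything else (cmd.run, cmd.shell, ...) is reported.
ALLOWED_MODULES = {"pillar", "grains", "config", "file"}

# Matches salt['cmd.run'](, salt["cmd.run"]( and salt.cmd.run(
_CALL_RE = re.compile(
    r"""salt(?:\[\s*['"](?P<q>[\w.]+)['"]\s*\]|\.(?P<d>\w+\.\w+))\s*\("""
)


def find_disallowed_calls(text, allowed=ALLOWED_MODULES):
    """Return [(line_no, 'module.function'), ...] for calls to modules not in allowed."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for m in _CALL_RE.finditer(line):
            func = m.group("q") or m.group("d")
            module = func.split(".", 1)[0]
            if module not in allowed:
                findings.append((lineno, func))
    return findings


def lint_paths(paths, allowed=ALLOWED_MODULES):
    """Print findings for each file; return True when every file is clean."""
    clean = True
    for path in paths:
        with open(path, encoding="utf-8") as fh:
            for lineno, func in find_disallowed_calls(fh.read(), allowed):
                print(f"{path}:{lineno}: disallowed pillar call {func}")
                clean = False
    return clean


# Constructed pillar source; two of the calls fall outside the allow-list.
SAMPLE_PILLAR = """\
# constructed pillar/app.sls
{% set env = salt['pillar.get']('env', 'prod') %}
{% set host = salt['grains.get']('fqdn') %}
{% set master = salt['cmd.run']('hostname') %}
app:
  env: {{ env }}
  host: {{ host }}
  built: {{ salt.cmd.shell('date') }}
"""

if __name__ == "__main__":
    sys.exit(0 if lint_paths(sys.argv[1:]) else 1)
```

Running the script with pillar file paths as arguments exits non-zero when any disallowed call is found, which is the behaviour a pre-commit hook or CI job needs.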