On 2020-03-28 14:36, Matt Zagrabelny wrote:
>
>
> On Sat, Mar 28, 2020 at 7:31 AM Henrik Lindberg
> <
henrik....@puppet.com <mailto:
henrik....@puppet.com>> wrote:
>
> On 2020-03-28 02:42, Matt Zagrabelny wrote:
> > Greetings,
> >
> > Suppose I have a class foo that host A gets via its catalog. Suppose
> > host B does not have foo in its catalog. Can host B do anything
> > malicious to obtain the sensitive data in foo?
> >
> > My puppet master is using an ENC to generate the classification
> of each
> > host and then a roles + profiles design pattern and hiera for
> specific data.
> >
> > Thanks for any hints or answers!
> >
>
> It is important that your server side logic uses $trusted when
> classifying on node since other facts cannot be trusted.
>
> If B is compromised a malicious user could spoof facts in a request and
> pretend to be A. It cannot however spoof the certificate - and it
> contains the information that is in $trusted.
>
>
> Hey Henrik,
>
> Thanks for the reply!
>
> Suppose I don't use any facts for classification, but only the ENC
> assigns a role to the node via its fqdn.
>