CFEngine Community / CFE-2030

Peculiar usage of connection variables in cf-serverd access_rules

    Details

    • Type: Task
    • Status: Open
    • Priority: High
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: cf-serverd
    • Labels: None

      Description

      "Mentioned by xrg":https://groups.google.com/d/msg/dev-cfengine/B-cJl3pO7FQ/nZt62xkEc2wJ in dev-cfengine mailing list.

      In short, what is the meaning of the following ACL:
      <pre>
      "/some/dir/$(connection.hostname)"
        admit_ips => { "$(connection.ip)" };
      </pre>

      Currently this will admit the file /some/dir/reverse_dns_of_the_host to the host's IP, so everybody will get access to the relevant file. It's the same as having "0.0.0.0/0" in the "admit" list.

      This is not the intended usage of the connection variables, and the outcome (admit everyone) might be unexpected. Should it be prohibited in the syntax? Should it mean something else?
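
A simplified model of the per-connection expansion described above, added here as an example; it is not cf-serverd code and not part of the original report. The parser, the function names, the second policy rule and the client addresses are all constructed for illustration. `self_admitting` lists the promisers whose `admit_ips` refers to the client's own `connection.ip`.

```python
import ipaddress
import re

# Constructed sample policy; only the first rule comes from the issue.
POLICY = '''
bundle server access_rules
{
  access:
    "/some/dir/$(connection.hostname)"
      admit_ips => { "$(connection.ip)" };
    "/srv/masterfiles"
      admit_ips => { "192.0.2.0/24" };
}
'''
# Constructed clients (documentation address ranges).
CLIENTS = [
    {"ip": "198.51.100.7", "hostname": "a.example.org"},
    {"ip": "203.0.113.9", "hostname": "b.example.net"},
    {"ip": "192.0.2.10", "hostname": "c.example.com"},
]

RULE_RE = re.compile(
    r'"(?P<path>[^"]+)"\s*admit_ips\s*=>\s*\{(?P<ips>(?:\s*"[^"]*"\s*,?)*)\s*\}\s*;')
CONN_VAR_RE = re.compile(r'\$[({]connection\.(\w+)[)}]')

def parse_rules(policy):
    """Return (promiser, admit_ips entries) pairs; simplified parser."""
    return [(m["path"], re.findall(r'"([^"]*)"', m["ips"]))
            for m in RULE_RE.finditer(policy)]

def expand(text, conn):
    """Substitute $(connection.X) with the connecting client's own values."""
    return CONN_VAR_RE.sub(lambda m: conn[m.group(1)], text)

def admitted(entries, conn):
    """True if the client's IP is inside any entry after expansion."""
    ip = ipaddress.ip_address(conn["ip"])
    return any(ip in ipaddress.ip_network(expand(e, conn), strict=False)
               for e in entries)

def self_admitting(policy):
    """Promisers whose admit_ips refers to the client's own connection.ip."""
    return [path for path, entries in parse_rules(policy)
            if any("ip" in CONN_VAR_RE.findall(e) for e in entries)]

if __name__ == "__main__":
    for path, entries in parse_rules(POLICY):
        print(path, [admitted(entries, c) for c in CLIENTS])
    print("review:", self_admitting(POLICY))
```

In this model every client passes the first rule's `admit_ips` check, while the fixed-subnet rule admits only the client inside `192.0.2.0/24`.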

            People

            • Assignee: a10038 jimis (Dimitrios Apostolou)
            • Reporter: a10038 jimis (Dimitrios Apostolou)