[Pkg-puppet-devel] Bug#518831: default configuration insecure?
Ansgar Burchardt
ansgar at 2008.43-1.org
Thu May 14 00:42:37 UTC 2009
Hi,
isn't it a bit insecure to start puppet by default? If someone can
manipulate DNS replies, he should be able to take over the computer:
just respond to a DNS query for "puppet" with the address of a hostile
puppetmaster and let puppetd connect to it (please correct me if I am
wrong here). If the client did not connect to another puppetmaster
before, it would trust the server, thus enabling an attacker to take over
the computer.
This might be a problem if someone installs puppet w/o configuring it
properly.
Regards,
Ansgar
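
An added example, not part of the original message or of the puppet package: a small audit for the condition described above, where the client is started automatically, still uses the default server name "puppet", and has no CA certificate stored from an earlier puppetmaster. The section names, the START= defaults-file format, the finding codes and the sample inputs are assumptions made for illustration.

```python
import configparser

DEFAULT_SERVER = "puppet"  # name the client resolves when nothing is configured

# Constructed sample inputs (not taken from a real host).
FRESH_CONF = "[main]\nlogdir = /var/log/puppet\n"
PINNED_CONF = "[main]\nserver = puppetmaster.example.org\n"

def effective_server(conf_text):
    """Return the 'server' setting from puppet.conf text, or the default."""
    cp = configparser.ConfigParser(strict=False, interpolation=None)
    # Strip indentation so indented options are not read as continuations.
    cp.read_string("\n".join(l.strip() for l in conf_text.splitlines()))
    # Assumption: agent sections ("agent", "puppetd") override [main].
    for section in ("agent", "puppetd", "main"):
        if cp.has_option(section, "server"):
            return cp.get(section, "server").strip()
    return DEFAULT_SERVER

def autostart_enabled(defaults_text):
    """Read START=yes|no from a Debian-style defaults file (assumed format)."""
    for line in defaults_text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line.startswith("START="):
            return line.split("=", 1)[1].strip("\"' ").lower() == "yes"
    return True  # assumption: no START line means the daemon is started

def audit(conf_text, defaults_text, ca_cert_present):
    """Return finding codes for the first-contact exposure in the message."""
    findings = []
    if effective_server(conf_text) == DEFAULT_SERVER:
        findings.append("server-not-configured")
    if not ca_cert_present:  # no CA stored from an earlier puppetmaster
        findings.append("no-stored-ca")
    # The exposure is the combination of all three conditions.
    if len(findings) == 2 and autostart_enabled(defaults_text):
        findings.append("exposed-on-first-contact")
    return findings

if __name__ == "__main__":
    print(audit(FRESH_CONF, "START=yes\n", False))
    print(audit(PINNED_CONF, "START=no\n", True))
```

The caller supplies ca_cert_present, for example by checking whether a CA certificate exists in the client's SSL directory.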