[Pkg-puppet-devel] Bug#567784: puppetmaster - Insists in using password auth via TCP to postgresql
Bastian Blank
waldi at debian.org
Sun Jan 31 12:32:40 UTC 2010
Package: puppetmaster
Version: 0.25.1-3
Severity: important
puppetmaster insists in using a TCP connection to the postgresql server
instead of the UNIX socket. The postgresql library hardcodes "localhost"
to use the UNIX socket and I have explicitely set dbserver to localhost.
This can be a security bug as remote (TCP) access usually a passwort for
the role, while access via UNIX sockets is done without.
Config excerpt:
| [puppetmasterd]
| templatedir=/var/lib/puppet/templates
|
| storeconfigs = true
| thin_storeconfigs = true
| dbadapter = postgresql
| dbname = puppet
| dbserver = localhost
Bastian
-- System Information:
Debian Release: 5.0.4
APT prefers stable
APT policy: (990, 'stable'), (500, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.32-trunk-amd64 (SMP w/1 CPU core)
Shell: /bin/sh linked to /bin/bash
Versions of packages puppetmaster depends on:
ii facter 1.5.1-0.1 a library for retrieving facts fro
ii lsb-base 3.2-20 Linux Standard Base 3.2 init scrip
ii puppet 0.25.1-3 centralised configuration manageme
ii ruby1.8 1.8.7.72-3lenny1 Interpreter of object-oriented scr
Versions of packages puppetmaster recommends:
pn libldap-ruby1.8 <none> (no description available)
ii rails 2.2.3-1 MVC ruby based framework geared fo
ii rdoc 4.2 Generate documentation from ruby s
Versions of packages puppetmaster suggests:
pn apache2 | nginx <none> (no description available)
pn mongrel <none> (no description available)
Other packages:
ii libpgsql-ruby1 0.8.0-1 PostgreSQL interface for Ruby 1.8
ii rails 2.2.3-1 MVC ruby based framework geared for web appl
--
It would seem that evil retreats when forcibly confronted.
-- Yarnek of Excalbia, "The Savage Curtain", stardate 5906.5
More information about the Pkg-puppet-devel
mailing list