[Pkg-puppet-devel] Starting puppet agent by default
Russ Allbery
rra at debian.org
Mon Aug 5 16:52:15 UTC 2013
Stig Sandbeck Mathisen <ssm at debian.org> writes:
> I've set the "puppet" service to start by default in the packaging
> repository.
> This is to make sure we have concistency no matter which init system is
> used. The puppet agent will make an SSL key and csr, and exit by itself
> unless it manages to contact a master, and receive a signed SSL
> certificate.
There was a specific reason why this wasn't done. Originally (I haven't
checked if this was still the case), the upstream software came configured
to use a default Puppet master of "puppet" in the local domain. So, if
it's started by default, someone installs it out of curiosity, and an
attacker has the ability to create or spoof a node named "puppet" in the
system's local domain, the attacker sets up that system to autosign your
certificate and then feeds you a manifest to install whatever they would
like on your system.
I think there needs to be some human verification that the Puppet master
is actually the one that you want to be talking to before the Puppet
client is willing to start modifying your system based on random things
handed to it over the network.
--
Russ Allbery (rra at debian.org) <http://www.eyrie.org/~eagle/>
More information about the Pkg-puppet-devel
mailing list