Modify

Ticket #529 (closed defect: fixed)

Opened 11 years ago

Last modified 10 years ago

public groups combined with dynamic groups implicitly makes probed groups public

Reported by: bcfg2@… Owned by: desai
Priority: major Milestone: Bcfg2 1.0.0 Release
Component: bcfg2-client Version:
Keywords: Cc:

Description

There is unexpected behavior if you combine a public group with dynamic, probed groups - the probed groups are effectively now public. I believe dynamic group membership should be suppressed when a public group is specified.

  1. create a public group
  2. create a probe that returns group membership (e.g., 'group:gutsy')
  3. connect from a new client, specifying the public group w/ 'bcfg2 -p <groupname>'; this client should also be detected by the dynamic groups probe

You'll see the entries for both the specified public group are used, as well as the dynamic group. This could be exploited by a malicious client by forcing the probe to return the configuration info for a certain group, e.g., - 'group:kdc'

Attachments

Change History

comment:1 Changed 11 years ago by solj

  • Milestone set to Bcfg2 1.0 Release

comment:2 Changed 10 years ago by desai

  • Status changed from new to closed
  • Resolution set to fixed

WARNING! You need to establish a session before you can create or edit tickets. Otherwise the ticket will get treated as spam.

View

Add a comment

Modify Ticket

Change Properties
<Author field>
Action
as closed
The resolution will be deleted. Next status will be 'reopened'
Author


E-mail address and user name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.