[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Security of CFINPUTS

From: Mark . Burgess
Subject: Re: Security of CFINPUTS
Date: Tue, 15 May 2001 17:30:14 +0200 (MET DST)

On 15 May, Robert Shaw wrote:
> On Tue, May 15, 2001 at 10:35:58AM +0200, Mark Burgess wrote:
>> I am planning to make a change in cfengine 2 whereby, if CFINPUTS
>> is not set, cfengine will look for input files in /var/cfengine/inputs.
>> (/var/run/cfengine is deprecated, since some OSes clear /var/run
>> on reboot)
>> Since cfengine checks the permissions and ownership of files before
>> accepting (and will additionally authenticate them cryptographically in
>> future), this seems like a reasonable feature, which could simplify
>> setup.
>> Does anyone have any arguments against this?
> FYI, we use /etc/cfengine/inputs for our default. Isn't that what cfengine
> uses by default anyway currently?
> -Robert

Yes, but I'm thinking of collecting everything into one place.

It's not the name of the directory that's important, but whether
automatically looking for files in a possibly untrusted location
might be dangerous somehow. Cfengine attempts to secure the
area before using anything, but is there something I have not


Work: +47 22453272            Email:  address@hidden
Fax : +47 22453205            WWW  :  http://www.iu.hio.no/~mark

reply via email to

[Prev in Thread] Current Thread [Next in Thread]