Uploaded image for project: 'Puppet Agent'
  1. Puppet Agent
  2. PA-2075

Windows install corrupting permissions

    Details

    • Release Notes:
      Bug Fix
    • Release Notes Summary:
      Hide
      The previous version of the Windows Puppet agent installer had an internal MSI property resolution issue that could be triggered when a requesting that msiexec install the same version of the Puppet agent package that was already installed on the node. In those rare instances, and when combined with the permission resetting code introduced in PA-2019 as a response to CVE-2018-6513, the Puppet agent package could execute `takeown.exe` and `icacls.exe` against the filesystem root (`C:\`), resulting in incorrectly rewritten permissions across the filesystem.

      Using the Chocolatey package provider to perform an in-place upgrade of the Puppet package during a Puppet run, which is the workflow used by Foreman, most commonly triggered this behavior.

      This version of Puppet agent resolves both of these problems by implementing a workaround of the MSI property resolution issue and making the PA-2019 permission resetting code more defensive.
      Show
      The previous version of the Windows Puppet agent installer had an internal MSI property resolution issue that could be triggered when a requesting that msiexec install the same version of the Puppet agent package that was already installed on the node. In those rare instances, and when combined with the permission resetting code introduced in PA-2019 as a response to CVE-2018-6513, the Puppet agent package could execute `takeown.exe` and `icacls.exe` against the filesystem root (`C:\`), resulting in incorrectly rewritten permissions across the filesystem. Using the Chocolatey package provider to perform an in-place upgrade of the Puppet package during a Puppet run, which is the workflow used by Foreman, most commonly triggered this behavior. This version of Puppet agent resolves both of these problems by implementing a workaround of the MSI property resolution issue and making the PA-2019 permission resetting code more defensive.
    • QA Risk Assessment:
      Needs Assessment

      Description

      Users are reporting that the agent install on Windows is corrupting permissions. See comments in: https://chocolatey.org/packages/puppet-agent

        Attachments

          Issue Links

            Activity

              jsd-sla-details-panel

                People

                • Assignee:
                  ethan Ethan Brown
                  Reporter:
                  bradejr Rob Braden
                • Votes:
                  0 Vote for this issue
                  Watchers:
                  22 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved: