Uploaded image for project: 'Puppet'
  1. Puppet
  2. PUP-7580

Exec resource exposing Sensitive data

    XMLWordPrintable

    Details

    • Template:
      PUP Bug Template
    • Team:
      Coremunity
    • Sprint:
      Platform Core KANBAN
    • Release Notes:
      Bug Fix
    • Release Notes Summary:
      Puppet will no longer leak sensitive data into the resourcefile.
    • QA Risk Assessment:
      Needs Assessment

      Description

      Currently the namvar attribute of the exec resource is assigned to the command attribute.
      meaning the name of the resource when printed into resources.txt is the executed parameter.

      This could be considered a security issue, but also makes it difficult to name resources uniquely.
      A request for a name attribute or the ability to use the title as the namevar.

      This is an issue when running puppet agent or puppet apply --write-catalog-summary.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              kris.bosland Kris Bosland
              Reporter:
              martin.ewings Marty Ewings
              Votes:
              0 Vote for this issue
              Watchers:
              7 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:

                  Zendesk Support