Comment 1 for bug 1496277
Revision history for this message
| Steven Hardy (shardy) wrote Re: template-validate may read server local files | #1 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
67d34a1
(Get the code!)
Note I raised this private security initially so we can discuss how this should be handled - AFAICT there's no way for this to be actively exploited, but the sort of risk I'm worried about is e.g if someone tried to pass a path to a hiera yaml file on the heat server box, where the hieradata could contain sensitive information. I don't think there's any way for validation to fail such as to expose that data, but it'd be good to get some more eyes on the code to prove that is the case (if so this can probably be public security IMO).