This repository has been archived by the owner on Feb 7, 2020. It is now read-only.

go-security filesec should validate before trying to cache #16

Closed
vjanelle opened this issue Nov 11, 2018 · 3 comments
Labels
bug Something isn't working

Comments

@vjanelle
Contributor

If you change the whitelists, go-security filesec will reference a cached item and not check the identity in the future.

@ripienaar
Contributor

Not clear why this is a problem? Can you elaborate?

@vjanelle
Contributor Author

@ripienaar if you change the values of plugin.choria.security.certname_whitelist, previously cached certificates will still be allowed through until they're removed from the cache.
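The ordering problem described in this issue, as an added example that is not part of the thread and is not go-security code: a cache-first lookup keeps accepting an identity after the allow list changes, while a validate-first lookup rejects and evicts it. `CertCache`, its methods, the single-regex allow list (standing in for `plugin.choria.security.certname_whitelist`) and the sample patterns and identity are all hypothetical.

```go
package main

import (
	"fmt"
	"regexp"
)

// CertCache is a hypothetical stand-in for a certificate cache, not the filesec type.
type CertCache struct {
	allow  *regexp.Regexp      // allow list, simplified here to one regex
	cached map[string]struct{} // identities with a stored certificate
}

func NewCertCache(allow string) *CertCache {
	return &CertCache{allow: regexp.MustCompile(allow), cached: map[string]struct{}{}}
}

// SetAllowList replaces the allow list, as a configuration change would.
func (c *CertCache) SetAllowList(allow string) { c.allow = regexp.MustCompile(allow) }

// LookupCacheFirst models the reported behaviour: a cache hit skips the allow list.
func (c *CertCache) LookupCacheFirst(id string) bool {
	if _, hit := c.cached[id]; hit || c.allow.MatchString(id) {
		c.cached[id] = struct{}{}
		return true
	}
	return false
}

// LookupValidateFirst checks the current allow list before the cache and evicts stale entries.
func (c *CertCache) LookupValidateFirst(id string) bool {
	if !c.allow.MatchString(id) {
		delete(c.cached, id)
		return false
	}
	c.cached[id] = struct{}{}
	return true
}

func main() {
	c := NewCertCache(`\.mcollective$`)   // constructed sample pattern and identity
	c.LookupCacheFirst("bob.mcollective") // certificate gets cached
	c.SetAllowList(`\.choria$`)           // operator tightens the allow list
	fmt.Println("cache-first:", c.LookupCacheFirst("bob.mcollective"))
	fmt.Println("validate-first:", c.LookupValidateFirst("bob.mcollective"))
}
```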

vjanelle added a commit to vjanelle/go-security that referenced this issue Nov 12, 2018
* If you change the allow list, a cached cert will be allowed for non-privileged actions.  This is not intuitive.
* Make tests pass

```
filesec/file_security.go:404: Entry.Errorf format %s arg s.caPath is a func value, not called
```

* Allow list tests to ensure this doesn't happen again

ripienaar added a commit that referenced this issue Nov 12, 2018
@ripienaar ripienaar added the bug Something isn't working label Nov 12, 2018
@ripienaar
Contributor

Thank you @vjanelle
