Actions
Architecture #15109
open
Rudder should not have exec binaries in /var, it conflicts with security best practices
Architecture #15109:
Rudder should not have exec binaries in /var, it conflicts with security best practices
Pull Request:
Effort required:
Medium
Name check:
Fix check:
Regression:
No
Description
In Rudder, we have executable binaries in /var/rudder/cfengine-community/bin/ (like cf-agent etc).
This conflict with security best practice, particlarly mounting /var in noexec.
Moreover, binaries in /var/rudder/cfengine-community/bin/ are duplicated and they are also in /opt/rudder/bin/
Subtasks
Updated by Alexis Mousset over 6 years ago
They are not duplicated anymore in 5.1 (replaced by a symlink). Only using /opt/rudder/bin would require changing in CFEngine behavior, so would require (maybe quite large) architecural changes.
Updated by Vincent MEMBRÉ over 6 years ago
- Target version changed from 6.0.0~beta1 to 6.0.0
- Priority changed from 32 to 62
Updated by Benoît PECCATTE over 6 years ago
- Effort required set to Medium
- Priority changed from 62 to 45
Updated by Alexis Mousset over 6 years ago
- Target version changed from 6.0.0 to 6.0.1
Updated by Alexis Mousset about 6 years ago
- Target version changed from 6.0.1 to 6.1.0~beta1
- Priority changed from 45 to 22
Updated by Alexis Mousset almost 6 years ago
- Target version changed from 6.1.0~beta1 to 6.2.0~beta1
- Priority changed from 22 to 21
Updated by François ARMAND over 5 years ago
- User visibility changed from Infrequent - complex configurations | third party integrations to Operational - other Techniques | Rudder settings | Plugins
- Priority changed from 21 to 25
Updated by Vincent MEMBRÉ over 5 years ago
- Target version changed from 6.2.0~beta1 to 6.2.0~rc1
- Priority changed from 25 to 49
Updated by François ARMAND over 5 years ago
- Target version deleted (
6.2.0~rc1)
Updated by François ARMAND about 4 years ago
- Tracker changed from Bug to Architecture
- Severity deleted (
Critical - prevents main use of Rudder | no workaround | data loss | security) - User visibility deleted (
Operational - other Techniques | Rudder settings | Plugins) - Priority deleted (
49)
Updated by Elaad FURREEDAN about 1 year ago
- Regression set to No
I affect system updated plugins report to that are not sent
Updated by Elaad FURREEDAN about 1 year ago
- Subtask #26052 added
Updated by Elaad FURREEDAN about 1 year ago
- Priority changed from N/A to To review
Updated by Nicolas CHARLES about 1 year ago
- Target version set to 8.3.0~alpha1
Targeting to 8.3, and hopefully we'll be able to backport some
Updated by Nicolas CHARLES about 1 year ago
- Priority changed from To review to N/A
Updated by Vincent MEMBRÉ about 1 year ago
- Target version changed from 8.3.0~alpha1 to 8.3.0~beta1
Updated by Vincent MEMBRÉ about 1 year ago
- Target version changed from 8.3.0~beta1 to 8.3.0~rc1
Updated by Vincent MEMBRÉ 11 months ago
- Target version changed from 8.3.0~rc1 to 8.3.0
Updated by Vincent MEMBRÉ 11 months ago
- Target version changed from 8.3.0 to 8.3.1
Updated by Vincent MEMBRÉ 10 months ago
- Target version changed from 8.3.1 to 8.3.2
Updated by Vincent MEMBRÉ 9 months ago
- Target version changed from 8.3.2 to 8.3.3
Updated by Félix DALLIDET 8 months ago
- Target version changed from 8.3.3 to 8.3.4
Updated by Vincent MEMBRÉ 6 months ago
- Target version changed from 8.3.4 to 8.3.5
Updated by Vincent MEMBRÉ 5 months ago
- Target version changed from 8.3.5 to 8.3.6
Updated by Vincent MEMBRÉ 4 months ago
- Target version changed from 8.3.6 to 8.3.7
Updated by Vincent MEMBRÉ 3 months ago
- Target version changed from 8.3.7 to 8.3.8
Updated by Vincent MEMBRÉ 3 months ago
- Target version changed from 8.3.8 to 8.3.9
Updated by Vincent MEMBRÉ 24 days ago
- Target version changed from 8.3.9 to 8.3.10
Actions