[pdm-devel] [PATCH datacenter-manager v3 04/23] server: add probe-tls endpoint

Lukas Wagner l.wagner at proxmox.com
Thu Aug 21 13:58:19 CEST 2025


On Thu Aug 21, 2025 at 1:55 PM CEST, Dominik Csapak wrote:
>>> +    access: {
>>> +        permission:
>>> +            &Permission::Privilege(&["/"], PRIV_SYS_MODIFY, false),
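Review bot: the `&Permission::Privilege(&["/"], PRIV_SYS_MODIFY, false)` line carries no comment saying why a TLS probe needs Sys.Modify on "/", which is not obvious because the caller already supplies the hostname. A short comment above `permission:` recording the reason (PDM may sit in a network segment the user cannot reach, so the probe could otherwise be used to enumerate internal IPs and hostnames from certificates) would keep that rationale next to the code.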
>> 
>> Does it make sense to require SYS_MODIFY here? Technically the user of
>> the PDM API could also probe themselves, since they have the hostname
>> anyway.
>> Is this to limit the abuse potential of some rogue logged-in
>> user hammering other servers with TLS probe requests while 'hiding' behind
>> PDM?
>
> The idea I had here was similar to how we decided for permissions on
> pve with the query download url api (there we need sys.audit +
> sys.modify on '/' or Sys.AccessNetwork on '/nodes/{node}' which we don't
> have in pdm)
>
> The pdm is potentially in a network segment that is not reachable from
> where the user sits, so the user can potentially probe internal network
> resources. Even if the info leak is not dramatic, enumerating
> ip/hostnames (from the certificate) can be bad.
>

Ah, makes sense. Thanks for the explanation!



