[pve-devel] [RFC manager 3/3] fix #6094: api: acme: allow to get plugin info with Sys.Audit on /
Fabian Grünbichler
f.gruenbichler at proxmox.com
Wed May 7 11:15:41 CEST 2025
On May 6, 2025 3:52 pm, Fiona Ebner wrote:
> Am 17.02.25 um 13:19 schrieb Daniel Kral:
>> Relax the required permissions to query the list of ACME plugins and
>> their configurations. Both API endpoints do only read the ACME plugins
>> configuration file but does not modify any system state.
>
> Can't there be secrets in there that should not leak? I.e. the plugin
> config file is in /etc/pve/priv, so I'm not sure this should be relaxed.
> Even if it doesn't modify the state, it might be too sensitive for
> Sys.Audit.
we could maybe do what we do in other index API calls, and restrict the
returned information in case Sys.Modify is missing? this would basically
entail stripping the 'data' option for DNS plugins (which might contain
credentials), everything else should not be sensitive AFAICT..
OTOH, I am not sure there's much benefit to it either ;)
the ACME API parts which are still root only are probably more
interesting cleanup targets!
More information about the pve-devel
mailing list