Bug #32827
Set sendmail location and arguments via puppet/installer
Status:
Closed
Priority:
Normal
Assignee:
Category:
Foreman modules
Target version:
-
Difficulty:
Triaged:
No
Description
We have a setting to set sendmail location/arguments in the UI/CLI/API however this brought some issues with security:
https://github.com/theforeman/foreman/pull/8599#issuecomment-863225804
As a better long term solution, it would be great to set both settings in settings.yaml via puppet, they automatically override UI and there is a warning info icon informing users that the setting is read only and editable only via settings.yaml.
Related issues
Associated revisions
History
#1
Updated by Ewoud Kohl van Wijngaarden almost 2 years ago
- Related to Bug #32753: CVE-2021-3584: Remote code execution through Sendmail configuration added
#2
Updated by The Foreman Bot almost 2 years ago
- Assignee set to Ewoud Kohl van Wijngaarden
- Status changed from New to Ready For Testing
- Pull request https://github.com/theforeman/puppet-foreman/pull/961 added
#3
Updated by Ewoud Kohl van Wijngaarden almost 2 years ago
- Assignee deleted (
Ewoud Kohl van Wijngaarden) - Status changed from Ready For Testing to New
- Pull request deleted (
https://github.com/theforeman/puppet-foreman/pull/961)
Testing bot integration
#4
Updated by The Foreman Bot almost 2 years ago
- Assignee set to Ewoud Kohl van Wijngaarden
- Status changed from New to Ready For Testing
- Pull request https://github.com/theforeman/puppet-foreman/pull/961 added
#5
Updated by Ewoud Kohl van Wijngaarden almost 2 years ago
- Status changed from Ready For Testing to New
- Pull request deleted (
https://github.com/theforeman/puppet-foreman/pull/961)
Again, apologies for the spam.
#6
Updated by Ewoud Kohl van Wijngaarden almost 2 years ago
- Assignee deleted (
Ewoud Kohl van Wijngaarden)
#7
Updated by The Foreman Bot almost 2 years ago
- Assignee set to Ewoud Kohl van Wijngaarden
- Status changed from New to Ready For Testing
- Pull request https://github.com/theforeman/puppet-foreman/pull/961 added
#8
Updated by The Foreman Bot almost 2 years ago
- Fixed in Releases 3.0.0 added
#9
Updated by Ewoud Kohl van Wijngaarden almost 2 years ago
- Status changed from Ready For Testing to Closed
Applied in changeset puppet-foreman|6c902a4f1f484137ebccafe4d3390881fd0b3d61.
Fixes #32827 - Add sendmail config options
As part of CVE-2021-3584 the option email_sendmail_location was limited
to just 4 choices. This allows admins to set it via settings.yaml. The
idea is that if you can edit settings.yaml, you're already compromised
while UI could be less protected.
When a setting is present in settings.yaml, the option becomes read-only
in the UI.
If the options are not set, they don't show up in settings.yaml.