Re: CFengine

[Nichole Koreen Boscia <nboscia () mail arc nasa gov>]

We currently implement Cfengine to maintain a very large-scale network.
Cfengine itself is very buggy and risky.  The "flaw" lies not in security
design, but in over-confidence. One simple error in the script could result
in every client's hard drive being cleaned out.  Also, if you use central
file distribution for your cfengine scripts, that becomes a hacker's haven.
Do NOT implement Cfengine if you're a tight-head on security.  Or, if you
do, put "highly secure" hosts in their own release group and try to stay
away from running new scripts until they're widely tested.  Cfrun will only
run files that already exist on the machine, so there's not a security issue
of anyone doing anything with port 5308. Actually, that's only used for
communication with cfd (which is basically a remote file server and
authentication host).  Most of the time, you won't even be using anything
from the network (unless you have a setup with cfd running on each host).
The key to security with Cfengine is paranoia.  Be very paranoid that you'll
completely wipe-out everything on your network at all times.




----- Original Message -----
From: "Mike" <guajiro () D-INSIGHT COM>
To: <VULN-DEV () SECURITYFOCUS COM>
Sent: Tuesday, August 08, 2000 8:55 AM
Subject: CFengine


> Hey.
>
> I am thinking of implementing Cfengine for managing configuration files,
> packages, and patches for our differet servers and locations.
>
> Anyone heard of any security flaws with CFengine via its TCP port 5308?
>
> -M