From: "Lukas Wagner"
To: "Dominik Csapak", "Proxmox Datacenter Manager development discussion"
Date: Thu, 21 Aug 2025 13:58:19 +0200
Subject: Re: [pdm-devel] [PATCH datacenter-manager v3 04/23] server: add probe-tls endpoint

On Thu Aug 21, 2025 at 1:55 PM CEST, Dominik Csapak wrote:
>>> + access: {
>>> + permission:
>>> + &Permission::Privilege(&["/"], PRIV_SYS_MODIFY, false),
>>
>> Does it make sense to require SYS_MODIFY here? Technically the user of
>> the PDM API could also probe themselves, since they have the hostname
>> anyway.
>> Is this to limit the abuse potential of some rogue logged-in
>> user hammering other servers with TLS probe requests while 'hiding' behind
>> PDM?
>
> the idea i had here was similar as to how we decided for permissions on
> pve with the query download url api (there we need sys.audit +
> sys.modify on '/' or Sys.AccessNetwork on '/nodes/{node}' which we don't
> have in pdm)
>
> the pdm is potentially in a network segment that is not reachable from
> where the user sits, so the user can potentially probe internal network
> resources. Even if the info leak is not dramatical, enumerating
> ip/hostnames (from the certificate) can be bad.
>

Ah, makes sense. Thanks for the explanation!
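
Review bot: the `permission:` line in the quoted hunk requires PRIV_SYS_MODIFY on "/" with no comment giving the reason, which is why the question had to be asked in review. Suggest a short comment above `&Permission::Privilege(&["/"], PRIV_SYS_MODIFY, false),` (or a sentence in the endpoint description) recording the rationale given in this thread: PDM may sit in a network segment the caller cannot reach, so the probe is restricted to keep it from being used to enumerate internal IPs/hostnames from certificates.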