Doc updates

Miguel Jacq 2026-06-22 14:49:56 +10:00
parent ad019f6b09
commit 70525e52d8
Signed by: mig5
GPG key ID: 03906B4110AAD3B8
2 changed files with 3 additions and 0 deletions

@ -49,6 +49,7 @@ The following are generally out of scope and should not be reported as Enroll vu
* A user configuring a webhook, email target, SSH proxy command, SOPS binary, package manager, or configuration-management tool that they do not trust.
* A compromised system where an attacker already controls root-owned files, roots shell, roots configuration, or the privileged tools Enroll invokes.
* Reports that amount to “if root runs this tool with malicious options, root can make the system do dangerous things.”
* Enroll harvesting a file that has a *commented out* secret even with `--dangerous` disabled (it ignores comments so as to not be totally useless when it comes to harvesting config files). It is still the responsibility of the user to use `--sops` or appropriate at-rest encryption if in the slightest doubt about what might get harvested.
Enroll is a tool for administrators, not a sandbox for hostile local users. It cannot make unsafe local trust decisions safe if the operators own execution environment is already attacker-controlled.
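
Review bot: In the added bullet, "it ignores comments" is ambiguous, because it can be read as Enroll skipping commented lines while harvesting rather than the secret check skipping them. State the behaviour directly, for example "the secret check does not inspect comment lines, so a file whose only secret is commented out is still harvested with `--dangerous` disabled". Since this exclusion means a plaintext secret can end up in harvest output under the default setting, the bullet would also benefit from saying which comment syntaxes are treated as comments, and from pointing to where `--sops` is documented instead of the open-ended "appropriate at-rest encryption", so the reader has a concrete mitigation to follow.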