Re: [cross-project-issues-dev] Why allowing Hudson to write to your downloads is a Bad Idea.
Hi,

Initially, Denis talked about a security breach that could allow the Hudson user to access the download area and then be able to corrupt files or worse.

You are talking about something different, which is important too. For the first question, which is only about user privileges and access security, I've set up a cron for integration and nightly, and for stable and releases, I personally do the promotion.

Your question is about Hudson security that could permit somebody to corrupt files produced by Hudson. I don't have an answer for this one.

My 2c,

On 14/09/2011 09:46, Thomas Hallgren wrote:
> On 2011-09-14 09:42, Gunnar Wagenknecht wrote:
>> On 14.09.2011 09:29, Thomas Hallgren wrote:
>>> How is that different from having an ACL that permits Hudson to write to your download area?
>>
>> Well, I don't have to run the cron job, i.e. it's under *my* control.
>
> Indeed. My point is that if everyone writes a cron-job in order to gain control, then we move the responsibility to each individual project to ensure that what it copies is secure. How can each project ensure that if we assume that Hudson is compromised? I have no idea how I should write a cron-job that would detect malicious code cleverly hidden in a Hudson build result. Do you? Does anyone?
>
> - thomas
>
> _______________________________________________
> cross-project-issues-dev mailing list
> cross-project-issues-dev@xxxxxxxxxxx
> https://dev.eclipse.org/mailman/listinfo/cross-project-issues-dev

Stéphane Bouchet
Obeo
http://www.obeo.fr