Re: [cross-project-issues-dev] Why allowing Hudson to write to your downloads is a Bad Idea.

Or am I missing something else?
The "cron job" approach can potentially be better, because it provides the ability to perform validation of the artifacts before publishing them to the world.
Problem is, no one seems to do said validation currently. Every project currently has to hack together a publishing script, with some of these probably offering security holes, because not everyone is a security expert.
This could be solved if we were to build one single official publishing script that every project would use, that could be reviewed for security.

On Wed, Sep 14, 2011 at 12:26 PM, Thomas Hallgren <thomas@xxxxxxx> wrote:
Let's say I'm the bad guy. I've already exploited the current security leak with the ACL and replaced some files. Now I find that the ACL is gone but instead there's a cron job that performs a copy. Seems to me like the only thing I need to do to keep up my malicious scheme is to replace the files at the source of that copy instead of at the target. Or am I missing something else?

- thomas

On 2011-09-14 10:26, Stéphane Bouchet wrote:

Initially, Denis talked about a security breach that could allow the Hudson user to access the download area and then be able to corrupt files or worse.

You are talking about something different, which is important too.

For the first question, which is only about user privileges and access security, I've set up a cron for integration and nightly, and for stable and releases, I personally do promotion.

Your question is about Hudson security that could permit somebody to corrupt files produced by Hudson. I don't have an answer for this one.

my 2c,

cross-project-issues-dev mailing list

Nicolas Bros
tel: 06 75 09 19 88
Mia-Software, 410 clos de la Courtine
93160 Noisy-le-Grand
.: model driven agility :.
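
An added example, not part of the original thread and not any project's actual publishing script: one form the validation step in a cron-run publishing job could take, so that files swapped in the build-writable staging area are not copied to the download area. The function name `publish_validated`, its arguments and the manifest file are assumptions made here; the manifest of expected digests is assumed to live where the build user cannot write (for example, written by whoever promotes the build), and GNU `sha256sum` is assumed.

```shell
#!/bin/sh
# publish_validated STAGING MANIFEST TARGET   (hypothetical helper)
#   STAGING  : directory the build user can write to; treated as untrusted input
#   MANIFEST : lines of "<sha256>  <relative/path>", stored outside the build user's reach
#   TARGET   : download area, writable only by the account running this cron job
# Returns 0 if every listed file was published, 1 if any was rejected, 2 on setup errors.
publish_validated() {
    staging=$1 manifest=$2 target=$3
    [ -d "$staging" ] && [ -f "$manifest" ] && [ -d "$target" ] || return 2
    rc=0
    while read -r want rel; do
        [ -n "$rel" ] || continue
        # Only relative paths that stay inside the staging tree are accepted.
        case "$rel" in
            /*|..|../*|*/..|*/../*) echo "reject (path): $rel" >&2; rc=1; continue ;;
        esac
        src=$staging/$rel
        # A privileged copy must not follow links planted by the build user.
        if [ -L "$src" ] || [ ! -f "$src" ]; then
            echo "reject (not a regular file): $rel" >&2; rc=1; continue
        fi
        # Copy into a private temp file first and hash the copy, so the bytes
        # that were checked are exactly the bytes that get published.
        tmp=$(mktemp "$target/.incoming.XXXXXX") || return 2
        cat "$src" > "$tmp"
        got=$(sha256sum "$tmp" | cut -d' ' -f1)
        if [ "$got" = "$want" ]; then
            mkdir -p "$target/$(dirname "$rel")"
            mv "$tmp" "$target/$rel"      # rename within TARGET, no partial files visible
        else
            echo "reject (digest mismatch): $rel" >&2; rm -f "$tmp"; rc=1
        fi
    done < "$manifest"
    return $rc
}
```

Files present in staging but absent from the manifest are never copied, and a non-zero return gives the cron job something to alert on.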