Re: [cross-project-issues-dev] Why allowing Hudson to write to your down

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]

Re: [cross-project-issues-dev] Why allowing Hudson to write to your downloads is a Bad Idea.

From: Igor Fedorenko <ifedorenko@xxxxxxxxxxxx>
Date: Wed, 14 Sep 2011 07:41:56 -0400
Delivered-to: cross-project-issues-dev@xxxxxxxxxxx
List-archive: <https://dev.eclipse.org/mailman/private/cross-project-issues-dev>
List-help: <mailto:cross-project-issues-dev-request@eclipse.org?subject=help>
List-subscribe: <https://dev.eclipse.org/mailman/listinfo/cross-project-issues-dev>, <mailto:cross-project-issues-dev-request@eclipse.org?subject=subscribe>
List-unsubscribe: <https://dev.eclipse.org/mailman/options/cross-project-issues-dev>, <mailto:cross-project-issues-dev-request@eclipse.org?subject=unsubscribe>
User-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:6.0.2) Gecko/20110902 Thunderbird/6.0.2

What kind of manual validation do you do to make sure files produces by
Hudson have not been maliciously modified by somebody who gained control
over Hudson instance (assuming you use Hudson to produce
milestone/release builds)?

--
Regards,
Igor

On 11-09-14 4:31 AM, Gunnar Wagenknecht wrote:

Am 14.09.2011 09:46, schrieb Thomas Hallgren:

I have no idea how I should write a cron-job that would detect malicious code cleverly hidden in a Hudson
build result. Do you? Does anyone?


No I don't. But I know when I prepare a release and need to run the sync
manually. Manual processes are error prone. But they allow me to perform
the validation which sort of works for now.

-Gunnar

Follow-Ups:
- Re: [cross-project-issues-dev] Why allowing Hudson to write to your downloads is a Bad Idea.
  - From: Gunnar Wagenknecht

References:
- [cross-project-issues-dev] Why allowing Hudson to write to your downloads is a Bad Idea.
  - From: Denis Roy
- Re: [cross-project-issues-dev] Why allowing Hudson to write to your downloads is a Bad Idea.
  - From: Igor Fedorenko
- Re: [cross-project-issues-dev] Why allowing Hudson to write to your downloads is a Bad Idea.
  - From: Gunnar Wagenknecht
- Re: [cross-project-issues-dev] Why allowing Hudson to write to your downloads is a Bad Idea.
  - From: Thomas Hallgren
- Re: [cross-project-issues-dev] Why allowing Hudson to write to your downloads is a Bad Idea.
  - From: Gunnar Wagenknecht
- Re: [cross-project-issues-dev] Why allowing Hudson to write to your downloads is a Bad Idea.
  - From: Thomas Hallgren
- Re: [cross-project-issues-dev] Why allowing Hudson to write to your downloads is a Bad Idea.
  - From: Gunnar Wagenknecht

Prev by Date: Re: [cross-project-issues-dev] Why allowing Hudson to write to your downloads is a Bad Idea.
Next by Date: Re: [cross-project-issues-dev] Why allowing Hudson to write to your downloads is a Bad Idea.
Previous by thread: Re: [cross-project-issues-dev] Why allowing Hudson to write to your downloads is a Bad Idea.
Next by thread: Re: [cross-project-issues-dev] Why allowing Hudson to write to your downloads is a Bad Idea.
Index(es):
- Date
- Thread

Breadcrumbs