Skip to main content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [cross-project-issues-dev] Security changes to SSH and shells explained

I really like the proposal. Simple and with minimal intrusion. Those that need shell access can still get it.





From: cross-project-issues-dev-bounces@xxxxxxxxxxx [mailto:cross-project-issues-dev-bounces@xxxxxxxxxxx] On Behalf Of Kim Moir
Sent: Wednesday, September 28, 2011 3:32 PM
To: Cross project issues
Subject: Re: [cross-project-issues-dev] Security changes to SSH and shells explained


+1 we need to reserve for shell access for running builds, running scripts to clean up old builds, fixing broken permissions, running promote scripts, converting repos to git etc.

Yes, we need to mitigate security concerns.  However, at the same time we need to be able to do our jobs in a productive fashion so that we can continue to deliver great software to the community.  

From:        Denis Roy <denis.roy@xxxxxxxxxxx>
To:        cross-project-issues-dev@xxxxxxxxxxx
Date:        09/28/2011 03:08 PM
Subject:        Re: [cross-project-issues-dev] Security changes to SSH and shells explained
Sent by:        cross-project-issues-dev-bounces@xxxxxxxxxxx

On 09/28/2011 02:49 PM, Eric Gwin wrote:
What about Use-case 1a; The evil hacker who hypothetically stole David's private key operates out of the Bahamas,

Good points.

Clearly, our number one priority as a community must be preventing David Williams from vacationing in the Bahamas.  That must never happen.

Seriously, I'm trying to keep this simple.  I'm assuming that before confirming that the network you're using is trustworthy you've ensured that it indeed is (ie, there isn't a microwave dish pointed directly at you, no one placed a briefcase with a hole in it over your keyboard, etc.).

However, I'd be interested to know your thoughts on how we'd implement a "temporary trust"...  Perhaps, when replying to the email, you type a keyword in the email body that we parse and use?

On 09/28/2011 03:01 PM, David Carver wrote:
Eliminate the need for Shell access entirely, otherwise this is just a bandaid, and if somebody really wants to get into the servers, they'll find a way to do it.

Ultimately, eliminating the need for a shell is the goal.  Since many projects use shell-based builds, we can't just assume that torquing Hudson will solve all our problems today.  

cross-project-issues-dev mailing list

Back to the top