[SECURITY] How to protect pipeline jobs using GitHub branch/PR auto-discovery from doing harm


leandro....@sociomantic.com

Sep 9, 2016, 1:14:37 PM
to Jenkins Users
This is particularly important for FLOSS projects wanting to use Jenkins and test GitHub PRs with it.

This was triggered by a problem with one PR that, for some reason, ended up with a workspace without a git repo in it, combined with the fact that we use git itself to version the Jenkins configuration.
So, when this happened, the pipeline script included a command to make sure the repo is clean, using `git reset --hard`. Since there was no `.git` in the workspace, the Jenkins config git was affected, thus losing data.

So it looks like the workspace is not isolated via `chroot` or other means. What happens if a malicious user just uses `rm -rf $JENKINS_HOME` as the pipeline build script in a PR?

How would you recommend protecting against these kinds of issues? Is there any way to force all pipeline jobs to run inside a docker *before* running any commands found in the Jenkinsfile?

Thank you!
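
The failure described in the post above (a `git reset --hard` run in a workspace with no `.git`, so git walked up to the repository holding the Jenkins configuration) can be caught with a guard like the following. This is an added example, not part of the original thread; the function names `workspace_is_repo_root` and `guarded_reset` are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.
# Refuse destructive git commands unless the workspace is the top level
# of its own work tree, so git can never act on a parent repository.

# workspace_is_repo_root DIR -> exit 0 only if DIR is the root of its own repo.
workspace_is_repo_root() {
    wir_ws=$1
    [ -d "$wir_ws" ] || return 1
    # Resolve symlinks so the path compares exactly with git's answer.
    wir_real=$(cd "$wir_ws" && pwd -P) || return 1
    # Ask git which work tree it would operate on from inside the workspace.
    # GIT_CEILING_DIRECTORIES additionally stops the upward search for .git
    # at the workspace's parent directory.
    wir_top=$(cd "$wir_real" &&
        GIT_CEILING_DIRECTORIES=$(dirname "$wir_real") \
        git rev-parse --show-toplevel 2>/dev/null) || return 1
    wir_top=$(cd "$wir_top" && pwd -P) || return 1
    [ "$wir_top" = "$wir_real" ]
}

# guarded_reset DIR -> run `git reset --hard` in DIR only if the check passes.
guarded_reset() {
    if ! workspace_is_repo_root "$1"; then
        echo "refusing git reset: $1 is not the root of a git repository" >&2
        return 1
    fi
    (cd "$1" && git reset -q --hard)
}
```

In a pipeline step this would be called as `guarded_reset "$WORKSPACE"` in place of a bare `git reset --hard`. It only prevents the accidental case; it does not isolate the build from a hostile Jenkinsfile.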

jpd4nt

Sep 10, 2016, 12:57:33 PM
to Jenkins Users
Use slaves, not the master, to run jobs.

If you want chroot workspaces you could use docker slaves, run a container per job etc.

Leandro Lucarella

Sep 12, 2016, 5:37:58 AM
to jenkins...@googlegroups.com
Mmmm, OK, but we need to create docker images to run the jobs based on
what is in the repository we are fetching. Is it possible to run a
docker container inside a docker slave (which I assume is a container
itself)?

--
Leandro Lucarella
Technical Development Lead
Sociomantic Labs GmbH <http://www.sociomantic.com>

jpd4nt

Sep 12, 2016, 5:46:36 PM
to Jenkins Users

Not sure about docker in docker, but you can have a throwaway VM slave to build the docker image - there are a number of plugins to do this.