Master/Slave security
10 views
Skip to first unread message
Matthew Buckett
Mar 30, 2012, 3:23:59 PM3/30/12
to jenkins...@googlegroups.com
On the wiki page https://wiki.jenkins-ci.org/display/JENKINS/Securing+Jenkins it mentions that slaves are able to execute code on the master node.
Is this page correct, is the jenkins master only as secure as the weakest node?
Thanks.
Matthew Buckett
Sami Tikka
Mar 31, 2012, 11:55:28 AM3/31/12
to jenkins...@googlegroups.com
According to my understanding the master communicates with the slaves by sending and receiving java objects. AFAIK there is no validation for the objects the master receives from the slaves. So, even though there is no easy way for a random dude to inject his own objects into the stream, if that were to happen, the master would trust the slaves and would use the objects.
The reverse problem also exists: the master can execute any commands on the slaves and depending on the master security settings, people you do not trust might be able to execute commands on the slave if they can create or change job configurations or access the script console.
Do not run slaves on hosts you do to trust or run a slave for a master you do not trust.
-- Sami
Jan Seidel
Apr 3, 2012, 4:52:58 AM4/3/12
to Jenkins Users
Word! Sami
I use Jenkins also for administrative jobs like rebooting the machine,
restarting the services, opening the task manager or checking with WMI
the disk space but you could of course also do more exciting things
here ;)
Some jobs like opening the task manager or rebooting the machine have
proven their worth if the system hangs and your are sitting after EOB
at home while the machines are located in the company' old data
centre.
Somewhat frustrating to get stopped like that in the middle of an
important task ;) So hooray for this imperfection but don't forget to
lockdown these jobs that nobody else can access them.
Take care
Jan
On 31 Mrz., 17:55, Sami Tikka <sjti...@gmail.com> wrote:
> According to my understanding the master communicates with the slaves by sending and receiving java objects. AFAIK there is no validation for the objects the master receives from the slaves. So, even though there is no easy way for a random dude to inject his own objects into the stream, if that were to happen, the master would trust the slaves and would use the objects.
>
> The reverse problem also exists: the master can execute any commands on the slaves and depending on the master security settings, people you do not trust might be able to execute commands on the slave if they can create or change job configurations or access the script console.
>
> Do not run slaves on hosts you do to trust or run a slave for a master you do not trust.
>
> -- Sami
>
> Matthew Buckett <buck...@gmail.com> kirjoitti 30.3.2012 kello 22.23:
>
>
>
>
>
>
>
> > On the wiki pagehttps://wiki.jenkins-ci.org/display/JENKINS/Securing+Jenkinsit mentions that slaves are able to execute code on the master node.
I use Jenkins also for administrative jobs like rebooting the machine,
restarting the services, opening the task manager or checking with WMI
the disk space but you could of course also do more exciting things
here ;)
Some jobs like opening the task manager or rebooting the machine have
proven their worth if the system hangs and your are sitting after EOB
at home while the machines are located in the company' old data
centre.
Somewhat frustrating to get stopped like that in the middle of an
important task ;) So hooray for this imperfection but don't forget to
lockdown these jobs that nobody else can access them.
Take care
Jan
On 31 Mrz., 17:55, Sami Tikka <sjti...@gmail.com> wrote:
> According to my understanding the master communicates with the slaves by sending and receiving java objects. AFAIK there is no validation for the objects the master receives from the slaves. So, even though there is no easy way for a random dude to inject his own objects into the stream, if that were to happen, the master would trust the slaves and would use the objects.
>
> The reverse problem also exists: the master can execute any commands on the slaves and depending on the master security settings, people you do not trust might be able to execute commands on the slave if they can create or change job configurations or access the script console.
>
> Do not run slaves on hosts you do to trust or run a slave for a master you do not trust.
>
> -- Sami
>
>
>
>
>
>
>
>
> > On the wiki pagehttps://wiki.jenkins-ci.org/display/JENKINS/Securing+Jenkinsit mentions that slaves are able to execute code on the master node.
Reply all
Reply to author
Forward
0 new messages