[JIRA] (JENKINS-60435) shell scripts file permission set the default value to 0600

3 views
Skip to first unread message

mmh19891113@qq.com (JIRA)

unread,
Dec 11, 2019, 3:22:02 AM12/11/19
to jenkinsc...@googlegroups.com
Minghui Ma created an issue
 
Jenkins / New Feature JENKINS-60435
shell scripts file permission set the default value to 0600
Issue Type: New Feature New Feature
Assignee: Unassigned
Components: core
Created: 2019-12-11 08:21
Environment: Jenkins ver. 2.176.1
master is ubuntu 16.04.
all slaves is ubuntu 14.04.
Priority: Minor Minor
Reporter: Minghui Ma

rw-rw-r- 1 buildfarm buildfarm 71 Dec 11 15:33 /tmp/jenkins2989735420931240305.sh
rw-rw-r- 1 buildfarm buildfarm 71 Dec 11 15:32 /tmp/jenkins4366322686308396837.sh
rw-rw-r- 1 buildfarm buildfarm 563 Dec 11 15:32 /tmp/jenkins6911470318430213229.sh

I found the jenkins save the shell script in the /tmp path on ubuntu linux,

and the file permission is 644.

there are security risks.

on the same server other linux account can access these shell script files, maybe he/she will get password from these files (if i save the password into these hell script files).

so I suggest that set these scripts file permission to 0600.

like ssh-slaves-plugin set the remote working directory permission to 0700.

 

 
Add Comment Add Comment
 
This message was sent by Atlassian Jira (v7.13.6#713006-sha1:cc4451f)
Atlassian logo

mmh19891113@qq.com (JIRA)

unread,
Dec 11, 2019, 3:25:01 AM12/11/19
to jenkinsc...@googlegroups.com
Minghui Ma updated an issue
Change By: Minghui Ma
-rw-rw-r-- 1 buildfarm buildfarm 71 Dec 11 15:33 /tmp/jenkins2989735420931240305.sh
-rw-rw-r-- 1 buildfarm buildfarm 71 Dec 11 15:32 /tmp/jenkins4366322686308396837.sh
-rw-rw-r-- 1 buildfarm buildfarm 563 Dec 11 15:32 /tmp/jenkins6911470318430213229.sh


I found the jenkins save the shell script in the /tmp path on ubuntu linux,
and the file permission is 644.

there are security risks.

on the same server other linux account can access these shell script files, maybe he/she will get password from

these files (if i save the password into these  hell shell script files).

so I suggest that set these scripts file permission to 0600. (or give a way to set  permission for these script )

 

 like ssh-slaves-plugin set the remote working directory permission to 0700.

 

 
Reply all
Reply to author
Forward
0 new messages