Suspicious sources placed by Jenkins to /tmp


Jozef Babjak

Nov 9, 2016, 3:11:33 AM
to Jenkins Users

Hello!

My Jenkins is creating random (UUID-named) directories under the /tmp directory. Each such directory contains C source code of libjpeg-turbo, or at least something which looks so. From a security point of view it seems very suspicious to me if a program like Java-based Jenkins is storing C sources.

Is this anything which is expected?

Some interesting environment settings follow below.

Jozef

----

OS: Red Hat Enterprise Linux Server release 7.1 (Maipo)
Jenkins: 2.19.2
Java: Java HotSpot(TM) 64-Bit Server VM (build 25.112-b15, mixed mode)

installed plugins:

ace-editor 1.1
active-directory 2.0
analysis-core 1.79
ant 1.4
antisamy-markup-formatter 1.5
bouncycastle-api 2.16.0
branch-api 1.11.1
build-timeout 1.17.1
checkstyle 3.46
cloudbees-folder 5.13
credentials 2.1.8
dashboard-view 2.9.10
display-url-api 0.5
durable-task 1.12
email-ext 2.52
emailext-template 1.0
external-monitor-job 1.6
git 3.0.0
git-client 2.1.0
git-server 1.7
gradle 1.25
handlebars 1.1.1
icon-shim 2.0.3
javadoc 1.4
jquery-detached 1.2.1
junit 1.19
ldap 1.13
mailer 1.18
matrix-auth 1.4
matrix-project 1.7.1
maven-plugin 2.14
momentjs 1.1.1
pam-auth 1.3
pipeline-build-step 2.3
pipeline-graph-analysis 1.2
pipeline-input-step 2.3
pipeline-milestone-step 1.1
pipeline-rest-api 2.2
pipeline-stage-step 2.2
pipeline-stage-view 2.2
resource-disposer 0.3
role-strategy 2.3.2
scm-api 1.3
script-security 1.24
ssh-credentials 1.12
structs 1.5
timestamper 1.8.7
token-macro 2.0
windows-slaves 1.2
workflow-aggregator 2.4
workflow-api 2.5
workflow-basic-steps 2.3
workflow-cps 2.22
workflow-cps-global-lib 2.4
workflow-durable-task-step 2.5
workflow-job 2.8
workflow-multibranch 2.9
workflow-scm-step 2.2
workflow-step-api 2.5
workflow-support 2.10
ws-cleanup 0.32

Baptiste Mathus

Nov 13, 2016, 9:08:48 AM
to jenkins...@googlegroups.com

Might be better that the plugin (?) cleans this up. But I'm not sure that's a security issue: it's already on machine(s) where anyway that source code constantly comes and goes on the disk. So?


Jozef Babjak

Nov 14, 2016, 9:45:41 AM
to Jenkins Users, m...@batmat.net

The mystery is solved. Jenkins is not guilty at all. 

It was nodejs/npm that tried to install that library from sources, because it was not available in the system. I'm not sure why, I'm not sure if it succeeded or not, and I do not know why it does not clean up afterwards, but for now it is sufficient for me to know that I'm not hacked. :-)

Jozef
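
A triage sketch for the situation discussed in this thread, added here as an example and not posted by any participant: it lists UUID-named directories directly under /tmp with their owning account, modification time and C source count, so unexpected sources can be tied to an account and a time window. The function names and the use of `jpeglib.h` as a marker for a libjpeg-style tree are assumptions of this example.

```python
import os
import pwd
import re
from datetime import datetime, timezone

# Canonical 8-4-4-4-12 hex form, the naming pattern described in the thread.
UUID_RE = re.compile(r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$", re.I)
C_EXT = (".c", ".h")
# Assumption: jpeglib.h (libjpeg's public header) marks a libjpeg-style tree.
JPEG_MARKER = "jpeglib.h"


def owner_name(uid):
    """Resolve a uid to a login name, falling back to the number."""
    try:
        return pwd.getpwuid(uid).pw_name
    except KeyError:
        return str(uid)


def triage_tmp(root="/tmp"):
    """Return one record per UUID-named directory directly under root."""
    records = []
    for entry in os.scandir(root):
        # Ignore symlinks so a planted link cannot redirect the walk.
        if not UUID_RE.match(entry.name) or not entry.is_dir(follow_symlinks=False):
            continue
        st = entry.stat(follow_symlinks=False)
        total = c_sources = 0
        marker = False
        for _dir, _subdirs, files in os.walk(entry.path, followlinks=False):
            total += len(files)
            c_sources += sum(f.lower().endswith(C_EXT) for f in files)
            marker = marker or JPEG_MARKER in files
        records.append({
            "path": entry.path,
            "owner": owner_name(st.st_uid),  # account that owns the directory
            "modified": datetime.fromtimestamp(st.st_mtime, timezone.utc).isoformat(),
            "files": total,
            "c_sources": c_sources,
            "jpeg_marker": marker,
        })
    return sorted(records, key=lambda r: r["modified"])


if __name__ == "__main__":
    for rec in triage_tmp():
        print(rec)
```

The owner and timestamp in each record can be compared against the build jobs that ran under that account at that time.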
