Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-11891

EC2 plugin's ssh library causing failures

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Resolved (View Workflow)
    • Priority: Major
    • Resolution: Duplicate
    • Component/s: ec2-plugin
    • Labels:
    • Environment:
      Amazon Linux AMI (32-bit)
    • Similar Issues:

      Description

      The ssh library of Jenkins EC2 is trying to copy files from the root's directory to other parts. Many "secure" Linux distributions now disallow copying anything into or out of the root's directory – even if done with super user privileges.

      Looking at https://github.com/jenkinsci/ec2-plugin/blob/master/src/main/java/hudson/plugins/ec2/ssh/EC2UnixLauncher.java, line 157 seems to be the offending line.

      Is there a reason why we need to copy those files to the root directory (specially if we're using a non-root superuser)?

      Actually I think this brings a bigger issue: why do we need to use superuser to activate root to then do the work as root? sudoers (specially those that come by default on EC2 instances) have sufficient privileges to install/remove/run just about anything in the instance. Trying to backdoor to root doesn't seem the most graceful of approaches.

        Attachments

          Activity

          Hide
          francisu Francis Upton added a comment -

          I think this is taken care of with the fix to JENKINS-5867, we don't write anything to the root directory any longer and we are able to run instances with a non-root user.

          Show
          francisu Francis Upton added a comment - I think this is taken care of with the fix to JENKINS-5867 , we don't write anything to the root directory any longer and we are able to run instances with a non-root user.

            People

            Assignee:
            francisu Francis Upton
            Reporter:
            rdo_ci Ruben Orduz
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: