Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-11891

EC2 plugin's ssh library causing failures


    • Icon: Bug Bug
    • Resolution: Duplicate
    • Icon: Major Major
    • ec2-plugin
    • Amazon Linux AMI (32-bit)

      The ssh library of Jenkins EC2 is trying to copy files from the root's directory to other parts. Many "secure" Linux distributions now disallow copying anything into or out of the root's directory – even if done with super user privileges.

      Looking at https://github.com/jenkinsci/ec2-plugin/blob/master/src/main/java/hudson/plugins/ec2/ssh/EC2UnixLauncher.java, line 157 seems to be the offending line.

      Is there a reason why we need to copy those files to the root directory (specially if we're using a non-root superuser)?

      Actually I think this brings a bigger issue: why do we need to use superuser to activate root to then do the work as root? sudoers (specially those that come by default on EC2 instances) have sufficient privileges to install/remove/run just about anything in the instance. Trying to backdoor to root doesn't seem the most graceful of approaches.

            francisu Francis Upton
            rdo_ci Ruben Orduz
            0 Vote for this issue
            0 Start watching this issue