Offering access to users with RUN_SCRIPTS is redundant

      From my reading of the UI and wiki, Scriptler seems to allow people with ADMINISTER to always run scripts, and those with RUN_SCRIPTS to do so only if additionally authorized. If true, this is backwards, as RUN_SCRIPTS is strictly more powerful than ADMINISTER. (And for Scriptler to be useful in a large secured installation, someone with RUN_SCRIPTS needs to be able to offer scripts for use by users who lack either permission.)

      Is this really true, or does the UI just give this false impression? For example

      Allow execution by user with 'RunScripts' permission

          [JENKINS-21327] Offering access to users with RUN_SCRIPTS is redundant

          Jesse Glick added a comment -

          Or

          Checking this option, allows users who have the 'RunScript' permission to change a scriptler scripts before executing it.
          A user can seriously harm your system and compromise your security!

          which makes no sense, since a user with RUN_SCRIPTS can trivially compromise any kind of security without any help from the Scriptler plugin.

          Dominik Bartholdi added a comment -

          If you're right and RUN_SCRIPTS has more power than ADMINISTRATOR, then I must say that RUN_SCRIPT is not well documented and a very very misleading name.

          But anyway - I guess if you say so, then you probably are right and sure this must be changed/fixed!

          Jesse Glick added a comment -

          Filed JENKINS-21336 to capture the broader discussion.

          Daniel Beck added a comment -

          domi:

          If you're right and RUN_SCRIPTS has more power than ADMINISTRATOR, then I must say that RUN_SCRIPT is not well documented and a very very misleading name.

          It's as useless on almost all instances as the UploadPlugins and ConfigureUpdateCenter permissions (i.e. 3 out of 5) that only exist to enable somewhat secure Cloudbees-hosted instances.

          Dominik Bartholdi added a comment -

          @danielbeck
          I now fully agree and think the whole permission schemas are a mess, not just how to use them in the code, but also to administer - an administrator has barely an idea what implication each permission has for each user.

          I will change the usage of RUN_SCRIPT in scriptler, but I just did not have the time to do so yet...

          SCM/JIRA link daemon added a comment -

          Code changed in jenkins
          User: imod
          Path:
          src/main/java/org/jenkinsci/plugins/scriptler/ScriptlerManagement.java
          src/main/java/org/jenkinsci/plugins/scriptler/builder/ScriptlerBuilder.java
          src/main/resources/org/jenkinsci/plugins/scriptler/Messages.properties
          src/main/webapp/help-allowRunScriptEdit.html
          src/main/webapp/help-allowRunScriptPermission.html
          src/test/java/org/jenkinsci/plugins/scriptler/restapi/ScriptlerRestApiTest.java
          http://jenkins-ci.org/commit/scriptler-plugin/71054a6da9c98d23dcc63588686939a62765cf09
          Log:
          JENKINS-21327 replace RUN_SCRIPTS with a new Scritpler RUN permission

          SCM/JIRA link daemon added a comment -

          Code changed in jenkins
          User: imod
          Path:
          src/main/resources/org/jenkinsci/plugins/scriptler/ScriptlerManagement/edit.properties
          src/main/resources/org/jenkinsci/plugins/scriptler/ScriptlerManagement/edit_ja.properties
          http://jenkins-ci.org/commit/scriptler-plugin/943a9c42c413e0ced6add1c99a0864f58167c532
          Log:
          JENKINS-21327 fix translations

          Wadeck Follonier added a comment -

          Proposed PR merged

            domi Dominik Bartholdi
            jglick Jesse Glick