        [JENKINS-22769] ListView's ItemListener runs with user privileges, might miss affected views

        Code changed in jenkins
        User: Jesse Glick
        Path:
        changelog.html
        core/src/main/java/hudson/model/listeners/ItemListener.java
        test/src/test/java/hudson/model/ListViewTest.java
        http://jenkins-ci.org/commit/jenkins/c04cdcd9f717ddcd3e8c9dbe86cb353c14ae511e
        Log:
        [FIXED JENKINS-22769] ItemListener callbacks should run as SYSTEM since they sometimes do ACL-checked calls.

        Compare: https://github.com/jenkinsci/jenkins/compare/28dfd90d2d6a...c04cdcd9f717


        dogfood added a comment -

        Integrated in jenkins_main_trunk #3703
        [FIXED JENKINS-22769] ItemListener callbacks should run as SYSTEM since they sometimes do ACL-checked calls. (Revision c04cdcd9f717ddcd3e8c9dbe86cb353c14ae511e)

        Result = SUCCESS
        Jesse Glick : c04cdcd9f717ddcd3e8c9dbe86cb353c14ae511e
        Files :

        • test/src/test/java/hudson/model/ListViewTest.java
        • changelog.html
        • core/src/main/java/hudson/model/listeners/ItemListener.java


        Oleg Nenashev added a comment -

        Caused JENKINS-25400.
        Daniel, do you vote for reverting the fix?


        Daniel Beck added a comment -

        Undecided. How difficult is it to get the real user while impersonating?

        (FWIW this may also break some aspects of Job Config History, haven't tried it though.)


        Code changed in jenkins
        User: Jesse Glick
        Path:
        changelog.html
        core/src/main/java/hudson/model/Fingerprint.java
        core/src/main/java/hudson/model/ListView.java
        core/src/main/java/hudson/model/listeners/ItemListener.java
        core/src/main/java/hudson/tasks/BuildTrigger.java
        http://jenkins-ci.org/commit/jenkins/a6a3d5e1660735edc18d331500f7ce9850fbc724
        Log:
        [FIXED JENKINS-25400] Rework fix of JENKINS-22769 (c04cdcd) to put the burden on each listener to impersonate ACL.SYSTEM if it needs to.

        Compare: https://github.com/jenkinsci/jenkins/compare/ee13a9a930ba...a6a3d5e16607
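
A plain-Java model of the pattern the JENKINS-25400 rework describes, added here as an example and not taken from the Jenkins code base: the listener itself elevates to SYSTEM around its ACL-checked walk and restores the caller afterwards, so the real user stays available outside that block. Every class, field and method name below is a hypothetical stand-in and the data is constructed; no Jenkins API is used.

```java
import java.util.*;

// Plain-Java model (hypothetical names, not Jenkins classes) of an ACL-checked
// lookup performed inside an item-rename listener.
public class ListenerImpersonationDemo {
    static final String SYSTEM = "SYSTEM";
    // Stand-in for the per-thread security context.
    static final ThreadLocal<String> AUTH = ThreadLocal.withInitial(() -> "anonymous");

    // view name -> jobs shown in it; view name -> users allowed to read it
    static final Map<String, Set<String>> VIEWS = new LinkedHashMap<>();
    static final Map<String, Set<String>> READERS = new HashMap<>();
    static final List<String> AUDIT = new ArrayList<>();

    // ACL-checked accessor: callers only get the views they may read.
    static List<String> visibleViews() {
        String who = AUTH.get();
        List<String> out = new ArrayList<>();
        for (String v : VIEWS.keySet())
            if (who.equals(SYSTEM) || READERS.get(v).contains(who)) out.add(v);
        return out;
    }

    // Listener: the dispatcher does not elevate, so the real actor is still
    // visible on entry. Elevate only around the ACL-checked walk and always
    // restore the caller's identity, even if the walk throws.
    static void onRenamed(String oldName, String newName) {
        AUDIT.add(AUTH.get() + " renamed " + oldName + " to " + newName);
        String previous = AUTH.get();
        AUTH.set(SYSTEM);
        try {
            for (String v : visibleViews()) {
                Set<String> jobs = VIEWS.get(v);
                if (jobs.remove(oldName)) jobs.add(newName);
            }
        } finally {
            AUTH.set(previous);
        }
    }

    public static void main(String[] args) {
        // Constructed sample data: alice cannot read the "ops-only" view.
        VIEWS.put("team", new TreeSet<>(List.of("build")));
        VIEWS.put("ops-only", new TreeSet<>(List.of("build")));
        READERS.put("team", Set.of("alice"));
        READERS.put("ops-only", Set.of("bob"));
        AUTH.set("alice");
        onRenamed("build", "build-v2");
        System.out.println(VIEWS + " " + AUDIT + " now=" + AUTH.get());
    }
}
```

Removing the `AUTH.set(SYSTEM)` line reproduces the original report: the walk runs as alice and the "ops-only" view keeps the stale job name.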


        Jesse Glick added a comment -

        If backporting you would need to include the fix of JENKINS-25400 as well, which is not “soaked” yet.


        Oleg Nenashev added a comment -

        Backporting w/o a fix for JENKINS-25400 would be a really bad idea.
        We don't know the real impact of the issue.


        Code changed in jenkins
        User: Jesse Glick
        Path:
        core/src/main/java/hudson/model/listeners/ItemListener.java
        test/src/test/java/hudson/model/ListViewTest.java
        http://jenkins-ci.org/commit/jenkins/0efd811adb89769c8a6180e33e3d06d755bca4b5
        Log:
        [FIXED JENKINS-22769] ItemListener callbacks should run as SYSTEM since they sometimes do ACL-checked calls.
        (cherry picked from commit c04cdcd9f717ddcd3e8c9dbe86cb353c14ae511e)

        Conflicts:
        changelog.html


        Code changed in jenkins
        User: Jesse Glick
        Path:
        core/src/main/java/hudson/model/Fingerprint.java
        core/src/main/java/hudson/model/ListView.java
        core/src/main/java/hudson/model/listeners/ItemListener.java
        core/src/main/java/hudson/tasks/BuildTrigger.java
        http://jenkins-ci.org/commit/jenkins/8478e24609d407268bd579609bf0ce3ad395a046
        Log:
        [FIXED JENKINS-25400] Rework fix of JENKINS-22769 (c04cdcd) to put the burden on each listener to impersonate ACL.SYSTEM if it needs to.
        (cherry picked from commit a6a3d5e1660735edc18d331500f7ce9850fbc724)

        Conflicts:
        changelog.html

        Compare: https://github.com/jenkinsci/jenkins/compare/be835bfcfb17...8478e24609d4


        dogfood added a comment -

        Integrated in jenkins_main_trunk #4292
        [FIXED JENKINS-22769] ItemListener callbacks should run as SYSTEM since they sometimes do ACL-checked calls. (Revision 0efd811adb89769c8a6180e33e3d06d755bca4b5)
        [FIXED JENKINS-25400] Rework fix of JENKINS-22769 (c04cdcd) to put the burden on each listener to impersonate ACL.SYSTEM if it needs to. (Revision 8478e24609d407268bd579609bf0ce3ad395a046)

        Result = UNSTABLE
        ogondza : 0efd811adb89769c8a6180e33e3d06d755bca4b5
        Files :

        • core/src/main/java/hudson/model/listeners/ItemListener.java
        • test/src/test/java/hudson/model/ListViewTest.java

        ogondza : 8478e24609d407268bd579609bf0ce3ad395a046
        Files :

        • core/src/main/java/hudson/tasks/BuildTrigger.java
        • core/src/main/java/hudson/model/ListView.java
        • core/src/main/java/hudson/model/Fingerprint.java
        • core/src/main/java/hudson/model/listeners/ItemListener.java


          jglick Jesse Glick
          danielbeck Daniel Beck