JENKINS-31555

Slave2Master security: Symlinks handling differs depending on platform

    • Type: Bug
    • Resolution: Unresolved
    • Priority: Minor
    • core
    • jenkins-1.580+

      It's a follow-up to https://groups.google.com/forum/#!topic/jenkinsci-dev/RbQSUCg_9OY

      I have an OpenJDK/Debian/ARM setup. On this setup Slave2Master security seems to resolve symbolic links to absolute ones => whitelists do not work. In such a case I see a security check failure in Cobertura publisher.

      Everything works fine on Mac.
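
The failure mode the description reports, as an added illustration that is not Jenkins code and not taken from the issue: a pattern whitelist matched against a path after its symbolic links have been resolved. The class, the rule and the directory layout are hypothetical, and a POSIX filesystem is assumed.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.regex.Pattern;

// Added example, not Jenkins code: a hypothetical pattern-based path whitelist.
public class SymlinkWhitelistDemo {

    // Hypothetical rule: only <home>/jobs/<job>/builds/<number>/... is allowed.
    static Pattern buildDirRule(Path home) {
        return Pattern.compile(Pattern.quote(home.toString())
                + "/jobs/[^/]+/builds/[0-9]+/.+");
    }

    // The rule is applied to the textual form of whatever path it is given.
    static boolean allowed(Pattern rule, Path p) {
        return rule.matcher(p.toString()).matches();
    }

    public static void main(String[] args) throws IOException {
        // Constructed layout: builds/ is a symlink to storage outside the home dir.
        // toRealPath() on the root removes any symlink in the temp dir itself.
        Path root = Files.createTempDirectory("s2m-demo").toRealPath();
        Path home = Files.createDirectories(root.resolve("home"));
        Path external = Files.createDirectories(root.resolve("external/demo-builds/7"));
        Path job = Files.createDirectories(home.resolve("jobs/demo"));
        Files.createSymbolicLink(job.resolve("builds"), external.getParent());

        // A report file written through the symlinked builds/ directory.
        Path requested = job.resolve("builds/7/coverage.xml");
        Files.createFile(requested);

        Pattern rule = buildDirRule(home);
        // Lexical form: the symlink component stays in the string.
        Path lexical = requested.toAbsolutePath().normalize();
        // Resolved form: the symlink is followed, so the path is under external/.
        Path resolved = requested.toRealPath();

        System.out.println("lexical  " + lexical + " -> " + allowed(rule, lexical));
        System.out.println("resolved " + resolved + " -> " + allowed(rule, resolved));
    }
}
```

Printing both forms of a rejected path on the affected node shows whether a rule fails because of link resolution. Resolving the rule's base directory and the requested path the same way keeps the two comparable.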


          Oleg Nenashev created issue -
          Oleg Nenashev made changes -
          Description Original: It's a follow-up to https://groups.google.com/forum/#!topic/jenkinsci-dev/RbQSUCg_9OY

          Slave2Master security constructs whitelists using patterns. BTW, a pattern for the BUILD_DIR presumes that it's always being stored in JOBS_DIR/builds. If somebody configures another path using Jenkins Advanced options in Global configs, the whitelisting won't work properly.
          New: It's a follow-up to https://groups.google.com/forum/#!topic/jenkinsci-dev/RbQSUCg_9OY

          I have an OpenJDK/Debian/ARM setup. On this setup Slave2Master security seems to resolve symbolic links to absolute ones => whitelists do not work. In such a case I see a security check failure in Cobertura publisher.
          Oleg Nenashev made changes -
          Priority Original: Major [ 3 ] New: Minor [ 4 ]
          Oleg Nenashev made changes -
          Description Original: It's a follow-up to https://groups.google.com/forum/#!topic/jenkinsci-dev/RbQSUCg_9OY

          I have an OpenJDK/Debian/ARM setup. On this setup Slave2Master security seems to resolve symbolic links to absolute ones => whitelists do not work. In such a case I see a security check failure in Cobertura publisher.
          New: It's a follow-up to https://groups.google.com/forum/#!topic/jenkinsci-dev/RbQSUCg_9OY

          I have an OpenJDK/Debian/ARM setup. On this setup Slave2Master security seems to resolve symbolic links to absolute ones => whitelists do not work. In such a case I see a security check failure in Cobertura publisher.

          Everything works fine on Mac.
          Oleg Nenashev made changes -
          Labels Original: security New: arm security
          Oleg Nenashev made changes -
          Assignee New: Oleg Nenashev [ oleg_nenashev ]

          Oleg Nenashev added a comment -

          Additional investigation is required

          R. Tyler Croy made changes -
          Workflow Original: JNJira [ 166979 ] New: JNJira + In-Review [ 182538 ]

          Oleg Nenashev added a comment -

          No plan to work on it anytime soon. Pull requests will be appreciated, reviewed and integrated if possible.

          Oleg Nenashev made changes -
          Assignee Original: Oleg Nenashev [ oleg_nenashev ]

            Assignee: Unassigned
            Reporter: Oleg Nenashev (oleg_nenashev)
            Votes: 0
            Watchers: 1
