  1. Jenkins
  2. JENKINS-31599

Split Jenkins GUI, Jenkins Backend, Jenkins Workers

Details

    • 2.0 Security, Split GUI, Backend, Workers

    Description

      Imagine a default Jenkins setup consisting of a single master instance ... a test running on the master instance and writing to a disk file could potentially ruin the master installation by overwriting or deleting the Jenkins configuration files.

      This does not feel right. Considering this scenario, an emphasis could be put on a better security setup consisting of a

      • robust backend with REST APIs
      • GUI
      • jailed workers (chroot, docker container, etc.)
      • secured messaging backbone for communication between the core and the workers

      IMHO and TBD

      I did not find a lot of evidence of this topic so far; it might be quite off track of the current Jenkins philosophy, compromising a bit of security for usability purposes. However, security issues are subject to be discussed in enterprise environments, and targeting those might be a viable direction.

        Activity

          kisa kisa created issue -
          kisa kisa made changes -
          Field Original Value New Value
          kisa kisa made changes -
          Assignee Kohsuke Kawaguchi [ kohsuke ]
          danielbeck Daniel Beck made changes -
          Assignee Kohsuke Kawaguchi [ kohsuke ]
          danielbeck Daniel Beck made changes -
          Resolution Incomplete [ 4 ]
          Status Open [ 1 ] Resolved [ 5 ]
          danielbeck Daniel Beck made changes -
          Labels 2.0 2.0-declined
          nayan744 Nayan Gogoi made changes -
          Epic Child JENKINS-32572 [ 167715 ]
          danielbeck Daniel Beck made changes -
          Labels 2.0-declined 2.0-rejected
          kapilmitra kapil mitra made changes -
          Epic Child JENKINS-33061 [ 168414 ]
          thasedpojjuann thasedpojjuann made changes -
          Epic Child JENKINS-35274 [ 170978 ]
          rtyler R. Tyler Croy made changes -
          Workflow JNJira [ 167027 ] JNJira + In-Review [ 198097 ]
          ningta ningta made changes -
          Epic Child JENKINS-37606 [ 173724 ]
          nayan_744 Nayan Gogoi made changes -
          Epic Child JENKINS-32572 [ 167715 ]
          gmt_jenkins gajendra mani tripathi made changes -
          Epic Child JENKINS-42575 [ 179506 ]
          dokterradensaleh dokter raden saleh jakarta made changes -
          Epic Child JENKINS-60025 [ 202850 ]
          kristy Kristy ashton (Inactive) made changes -
          Epic Child JENKINS-61013 [ 204483 ]
          klinikkuretkandungan klinik kuret kandungan jakarta (Inactive) made changes -
          Epic Child JENKINS-61289 [ 204865 ]
          ramanaadla Ramana Adla made changes -
          Epic Child JENKINS-62810 [ 207029 ]
          klinikaborsikuret klinik made changes -
          Epic Child JENKINS-65731 [ 211471 ]
          klinikaborsikuret klinik made changes -
          Epic Child JENKINS-65773 [ 211530 ]

          People

            Unassigned Unassigned
            kisa kisa
            Votes: 0
            Watchers: 2
