[JENKINS-47593] can not to be online without permission - Jenkins Jira

Details

Type: Bug
Status: Resolved (View Workflow)
Priority: Critical
Resolution: Fixed
Component/s: ec2-plugin
Labels:
None

Similar Issues:

Show

Description

After upgrade to 2.86 plugin need extra permission for dynamic script to make slave online via ssh connection.

I can not use "In-process Script Approval" because this script look like
'ssh user@123.212.12.232 ....' and it is dynamic!

Attachments

Issue Links

is blocking

JENKINS-47393 Split CommandLauncher into a plugin and integrate with script-security

Resolved

links to

CloudBees Internal OSS-2545

Activity

Ascending order - Click to sort in descending order

View 5 older comments

Daniel Beck added a comment - 2017-11-06 15:01

kulinski This should not be happening; Jenkins should identify an upgrade and install newly detached plugins. Please file a new issue and file as many details as possible; ideally steps to reproduce and logs of the first Jenkins startup after update. Ping me in the description or a comment.

Daniel Beck added a comment - 2017-11-06 15:01 kulinski This should not be happening; Jenkins should identify an upgrade and install newly detached plugins. Please file a new issue and file as many details as possible; ideally steps to reproduce and logs of the first Jenkins startup after update. Ping me in the description or a comment.

Jesse Glick added a comment - 2017-11-08 14:20

To be clear, the “this” that should not be happening is the NoClassDefFoundError or whatever it is. The need to manually approve a command-line launch string is an acknowledged issue.

Jesse Glick added a comment - 2017-11-08 14:20 To be clear, the “this” that should not be happening is the NoClassDefFoundError or whatever it is. The need to manually approve a command-line launch string is an acknowledged issue.

SCM/JIRA link daemon added a comment - 2017-12-06 13:43

Code changed in jenkins
User: Wadeck Follonier
Path:
src/main/java/hudson/plugins/ec2/ssh/EC2UnixLauncher.java
http://jenkins-ci.org/commit/ec2-plugin/ae2bf458ecad2a84d0d9a5f899977f4a6da82af6
Log:
~~JENKINS-47593~~[SECURITY-643] Allow command to be run without approval

use the second constructor of CommandLauncher to avoid being blocked by the security fix

SCM/JIRA link daemon added a comment - 2017-12-06 13:43 Code changed in jenkins User: Wadeck Follonier Path: src/main/java/hudson/plugins/ec2/ssh/EC2UnixLauncher.java http://jenkins-ci.org/commit/ec2-plugin/ae2bf458ecad2a84d0d9a5f899977f4a6da82af6 Log: JENKINS-47593 [SECURITY-643] Allow command to be run without approval use the second constructor of CommandLauncher to avoid being blocked by the security fix

Daniel Beck added a comment - 2017-12-06 13:46

This was fixed as part of the 1.38 security update for the EC2 plugin.

Daniel Beck added a comment - 2017-12-06 13:46 This was fixed as part of the 1.38 security update for the EC2 plugin.

SCM/JIRA link daemon added a comment - 2017-12-16 07:04

Code changed in jenkins
User: Francis Upton IV
Path:
pom.xml
src/main/java/hudson/plugins/ec2/AmazonEC2Cloud.java
src/main/java/hudson/plugins/ec2/SlaveTemplate.java
src/main/java/hudson/plugins/ec2/UnixData.java
src/main/java/hudson/plugins/ec2/ssh/EC2UnixLauncher.java
src/main/resources/hudson/plugins/ec2/Messages.properties
http://jenkins-ci.org/commit/ec2-plugin/180f7d0eae6031d67259a5d86d9d7d382f9eb05b
Log:
Jenkins 47593 avoid script block (#253)

~~JENKINS-47593~~[SECURITY-643] Allow command to be run without approval

use the second constructor of CommandLauncher to avoid being blocked by the security fix

- adding permission check on unsafe parameter modification

adding warning message in case someone is modifying the unsafe parameters

- also put the right check on the readResolve

regroup the permission error message

- change name of the required permission

[SECURITY-643] Fix exception during start of cloud config

[maven-release-plugin] prepare release ec2-1.38

[maven-release-plugin] prepare for next development iteration

SCM/JIRA link daemon added a comment - 2017-12-16 07:04 Code changed in jenkins User: Francis Upton IV Path: pom.xml src/main/java/hudson/plugins/ec2/AmazonEC2Cloud.java src/main/java/hudson/plugins/ec2/SlaveTemplate.java src/main/java/hudson/plugins/ec2/UnixData.java src/main/java/hudson/plugins/ec2/ssh/EC2UnixLauncher.java src/main/resources/hudson/plugins/ec2/Messages.properties http://jenkins-ci.org/commit/ec2-plugin/180f7d0eae6031d67259a5d86d9d7d382f9eb05b Log: Jenkins 47593 avoid script block (#253) JENKINS-47593 [SECURITY-643] Allow command to be run without approval use the second constructor of CommandLauncher to avoid being blocked by the security fix - adding permission check on unsafe parameter modification adding warning message in case someone is modifying the unsafe parameters - also put the right check on the readResolve regroup the permission error message - change name of the required permission [SECURITY-643] Fix exception during start of cloud config [maven-release-plugin] prepare release ec2-1.38 [maven-release-plugin] prepare for next development iteration

Jenkins

can not to be online without permission

Details

Description

Attachments

Issue Links

Activity

People

Dates