Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-9383

mitigate security issues

    XMLWordPrintable

    Details

    • Similar Issues:

      Description

      The plugin is realy great, but because it exposes internal hudson objects to the enduser. Therefore we are not allowed to use it in our secure environment.

      This issue could be mitigated by allowing the systemadminstrator (hudson admin) to disable the exposing of 'hudson', 'buil' and 'listener' references.

        Attachments

          Issue Links

            Activity

            Hide
            danielbeck Daniel Beck added a comment -

            hudson.model.Hudson.instance.doQuietDown() works just fine, security or not.

            Maybe take a look at how email-ext resolved JENKINS-15213?

            Show
            danielbeck Daniel Beck added a comment - hudson.model.Hudson.instance.doQuietDown() works just fine, security or not. Maybe take a look at how email-ext resolved JENKINS-15213 ?
            Hide
            jglick Jesse Glick added a comment -

            Closing since JENKINS-15212 covers the ineffectiveness of the current solution.

            Show
            jglick Jesse Glick added a comment - Closing since JENKINS-15212 covers the ineffectiveness of the current solution.
            Hide
            danielbeck Daniel Beck added a comment - - edited

            (Edited: Too late, PR done)

            Jesse: Note that 15212 also mentions the need for a more extensive API to make the plugin in a secured environment not just useable, but useful – too many basic action requires falling back to the manager. Maybe use this one for the sandboxing, and keep 15212 for the API changes?

            Show
            danielbeck Daniel Beck added a comment - - edited (Edited: Too late, PR done) Jesse: Note that 15212 also mentions the need for a more extensive API to make the plugin in a secured environment not just useable, but useful – too many basic action requires falling back to the manager. Maybe use this one for the sandboxing, and keep 15212 for the API changes?
            Hide
            jglick Jesse Glick added a comment -

            The PR for JENKINS-15212 does include whitelisting of the BadgeManager methods I felt were clearly safe. An individual admin can always manually whitelist others, or further plugin updates could include more whitelisted methods with reviewed semantics. Also a job developer can run the script outside the sandbox if the admin approves the whole script, which is less convenient but always available as a last resort.

            Show
            jglick Jesse Glick added a comment - The PR for JENKINS-15212 does include whitelisting of the BadgeManager methods I felt were clearly safe. An individual admin can always manually whitelist others, or further plugin updates could include more whitelisted methods with reviewed semantics. Also a job developer can run the script outside the sandbox if the admin approves the whole script, which is less convenient but always available as a last resort.
            Hide
            danielbeck Daniel Beck added a comment -

            Right, forgot about the sandboxing being optional. Thanks for taking care of this issue!

            Show
            danielbeck Daniel Beck added a comment - Right, forgot about the sandboxing being optional. Thanks for taking care of this issue!

              People

              Assignee:
              wolfs Stefan Wolf
              Reporter:
              domi Dominik Bartholdi
              Votes:
              1 Vote for this issue
              Watchers:
              3 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: