Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-9383

mitigate security issues

    XMLWordPrintable

Details

    Description

      The plugin is realy great, but because it exposes internal hudson objects to the enduser. Therefore we are not allowed to use it in our secure environment.

      This issue could be mitigated by allowing the systemadminstrator (hudson admin) to disable the exposing of 'hudson', 'buil' and 'listener' references.

      Attachments

        Issue Links

          Activity

            danielbeck Daniel Beck added a comment -

            hudson.model.Hudson.instance.doQuietDown() works just fine, security or not.

            Maybe take a look at how email-ext resolved JENKINS-15213?

            danielbeck Daniel Beck added a comment - hudson.model.Hudson.instance.doQuietDown() works just fine, security or not. Maybe take a look at how email-ext resolved JENKINS-15213 ?
            jglick Jesse Glick added a comment -

            Closing since JENKINS-15212 covers the ineffectiveness of the current solution.

            jglick Jesse Glick added a comment - Closing since JENKINS-15212 covers the ineffectiveness of the current solution.
            danielbeck Daniel Beck added a comment - - edited

            (Edited: Too late, PR done)

            Jesse: Note that 15212 also mentions the need for a more extensive API to make the plugin in a secured environment not just useable, but useful – too many basic action requires falling back to the manager. Maybe use this one for the sandboxing, and keep 15212 for the API changes?

            danielbeck Daniel Beck added a comment - - edited (Edited: Too late, PR done) Jesse: Note that 15212 also mentions the need for a more extensive API to make the plugin in a secured environment not just useable, but useful – too many basic action requires falling back to the manager. Maybe use this one for the sandboxing, and keep 15212 for the API changes?
            jglick Jesse Glick added a comment -

            The PR for JENKINS-15212 does include whitelisting of the BadgeManager methods I felt were clearly safe. An individual admin can always manually whitelist others, or further plugin updates could include more whitelisted methods with reviewed semantics. Also a job developer can run the script outside the sandbox if the admin approves the whole script, which is less convenient but always available as a last resort.

            jglick Jesse Glick added a comment - The PR for JENKINS-15212 does include whitelisting of the BadgeManager methods I felt were clearly safe. An individual admin can always manually whitelist others, or further plugin updates could include more whitelisted methods with reviewed semantics. Also a job developer can run the script outside the sandbox if the admin approves the whole script, which is less convenient but always available as a last resort.
            danielbeck Daniel Beck added a comment -

            Right, forgot about the sandboxing being optional. Thanks for taking care of this issue!

            danielbeck Daniel Beck added a comment - Right, forgot about the sandboxing being optional. Thanks for taking care of this issue!

            People

              wolfs Stefan Wolf
              domi Dominik Bartholdi
              Votes:
              1 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: