Skip to main content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [cross-project-issues-dev] Why allowing Hudson to write to your downloads is a Bad Idea.

On 2011-09-14 09:42, Gunnar Wagenknecht wrote:
Am 14.09.2011 09:29, schrieb Thomas Hallgren:
How is that different from having an ACL that
permits Hudson to write to your download area?
Well, I don't have to run the cron job., i.e. it's it's under *my* control.

Indeed. My point is that if everyone writes a cron-job in order to gain control, then we move the responsibility to each individual project to ensure that what it copies is secure. How can each project ensure that if we assume that Hudson is compromised? I have no idea how I should write a cron-job that would detect malicious code cleverly hidden in a Hudson build result. Do you? Does anyone?

- thomas



Back to the top