#buildbot on 2022-08-27 — irc logs at libera.irclog.whitequark.org

2022-03-07 03:24 verm__ changed the topic of #buildbot to: A Software Freedom Conservancy Project | Buildbot-3.5.0 | docs: http://docs.buildbot.net/current/ | tutorial: http://docs.buildbot.net/current/tutorial | irclogs: https://libera.irclog.whitequark.org/buildbot

08:46 StocksRoomm has joined #buildbot

17:40 StocksRoomm has quit [K-Lined]

21:45 Guest81 has joined #buildbot

21:46 <Guest81> hey I was wondering how much damage someone could do if they had root access to one of my worker bots (and the worker password)?

21:46 <Guest81> are there any protections in place for such a scenario?

21:52 <Guest81> for example, can the worker arbitrarily use the fileupload functionality on my master bot?

22:18 <glogan> Afaik yes

22:18 <glogan> Restricted by the master buildbot's uid perms

22:19 <glogan> Ie, you don't get root on the master, unless master is running buildbot as root.

22:21 <Guest81> how can I protect against this? my master instance contains all of my secrets

22:23 <Guest81> also, is there a way I can send commands from the worker to the master bot without having the master bot send the initial message?

22:23 <Guest81> for example something like `s = Worker(login)` then `s.sendCommand(TransferFile)`?

22:24 <Guest81> I want to be able to simulate an attack so I can protect the filesystem properly

22:26 Guest81 has quit [Quit: Client closed]

22:31 <glogan> Looking at https://docs.buildbot.net/latest/manual/configuration/steps/file_transfer.html I don't see a way to provide per-file protection. In theory the worker should be executing commands form the build pipeline and nothing else.

22:32 <glogan> But a rooted worker might have other code.

22:32 <glogan> Ah he's gone

23:07 Guest81 has joined #buildbot

23:07 Guest81 has quit [Client Quit]