Closed
Bug 875127
Opened 11 years ago
Closed 11 years ago
SecReview: proxy read only servo buildbot interface somewhere public
Categories
(mozilla.org :: Security Assurance: Review Request, task)
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: bhearsum, Assigned: rforbes)
References
Details
(Whiteboard: [pending secreview][Web])
Read-only WebStatus is here: http://buildbot-master-servo-01.srv.servo.releng.use1.mozilla.com:8001/ I'm not sure what the entry point URL should be, or which system should handle the proxying. Dustin, maybe you have a better idea? Setting sec-review? per IRC.
Flags: sec-review?(jstevensen)
Comment 1•11 years ago
|
||
My suggestion is to proxy this via http://servo-buildbot.pub.build.mozilla.org. Exactly how that's implemented isn't important. HTTP because there are no credentials involved.
Updated•11 years ago
|
Flags: sec-review?(jstevensen) → sec-review?(gdestuynder)
Comment 2•11 years ago
|
||
Moving over to webappsec per :kang's advice. I'm happy to discuss the finer points in whatever medium is easiest. I'm the Buildbot maintainer so I have a decent amount of knowledge of its internals. Note that it is not currently possible to run the web UI on a different host from the master itself. There's probably about 1 FTE-year of work to do to get to that point, so if Mozilla happened to want that badly enough, I'm sure I could make good use of a contractor ;) For comparison, this is very similar to http://buildbot.rust-lang.org -- just not hosted in labs. The servo-related networks are well isolated from the releng network.
Component: Release Engineering: Automation (General) → Security Assurance: Review Request
Flags: sec-review?(gdestuynder)
QA Contact: catlee → mcoates
Summary: proxy read only servo buildbot interface somewhere public → SecReview: proxy read only servo buildbot interface somewhere public
Whiteboard: [pending secreview]
The major issue with this project is that the exposesd web interface runs on the build masters. Those machines, if compromised, can compromise all the build system (in this case, servo). I did recommend splitting the UI from the master hence comment 2, as it seems to be a difficult task.
Comment 4•11 years ago
|
||
* Who is/are the point of contact(s) for this review? Ben and me * Please provide a short description of the feature / application (e.g. problem solved, use cases, etc.): Buildbot is a continuous-integration framework being used to build and test Servo. * Please provide links to additional information (e.g. feature page, wiki) if available and not yet included in feature description: http://buildbot.net https://github.com/buildbot/buildbot * Does this request block another bug? If so, please indicate the bug number Bug 861283 * This review will be scheduled amongst other requested reviews. What is the urgency or needed completion date of this review? Ben? * To help prioritize this work request, does this project support a goal specifically listed on this quarter's goal list? If so, which goal? Yes; https://intranet.mozilla.org/2013Q2Goals#Release_Engineering [ON TRACK] initial support for Servo builds bug 861283 * Does this feature or code change affect Firefox, Thunderbird or any product or service the Mozilla ships to end users? Yes; Servo is expected to be a part of Firefox eventually * Are there any portions of the project that interact with 3rd party services? No * Will your application/service collect user data? If so, please describe No * If you feel something is missing here or you would like to provide other kind of feedback, feel free to do so here (no limits on size): see comment 2 * Desired Date of review (if known from https://mail.mozilla.com/home/ckoenig@mozilla.com/Security%20Review.html) and whom to invite Me, Ben
Reporter | ||
Comment 5•11 years ago
|
||
(In reply to Dustin J. Mitchell [:dustin] from comment #4) > * This review will be scheduled amongst other requested reviews. What is the > urgency or needed completion date of this review? > > Ben? Without asking that this bump other work, as soon as possible. Right now I'm stuck relaying logs to the people that actually need them. Hopefully the Rust already has a publicly accessible Buildbot will hurry this along? > * Does this feature or code change affect Firefox, Thunderbird or any > product or service the Mozilla ships to end users? > > Yes; Servo is expected to be a part of Firefox eventually It's worth noting that Servo is still in very early stages, though, and will likely be code dropped into other repositories when the time comes to integrate.
Component: Security Assurance: Review Request → Release Engineering: Automation (General)
Updated•11 years ago
|
Component: Release Engineering: Automation (General) → Security Assurance: Review Request
Updated•11 years ago
|
Assignee: nobody → gdestuynder
:kang looked at this from the opesec side and this now needs a websec review, assigning to :rforbes
Assignee: gdestuynder → rforbes
Reporter | ||
Comment 7•11 years ago
|
||
Any update or timeline here? I'm acting as a human proxy until this is done, which isn't very efficient for the Servo folks.
Reporter | ||
Updated•11 years ago
|
Flags: needinfo?(rforbes)
Assignee | ||
Comment 8•11 years ago
|
||
is there an instance up that I can run some pen tests against?
Flags: needinfo?(rforbes)
Comment 9•11 years ago
|
||
buildbot-master-servo-01.srv.servo.releng.use1.mozilla.com.
Comment 10•11 years ago
|
||
You can have your way with buildbot.buildbot.net, too. I'd love to make a good chemspill release :)
Reporter | ||
Comment 11•11 years ago
|
||
(In reply to Dustin J. Mitchell [:dustin] from comment #9) > buildbot-master-servo-01.srv.servo.releng.use1.mozilla.com. Use port 8001 for this, please. That's the exact read-only interface that we want to proxy.
Assignee | ||
Comment 12•11 years ago
|
||
can i get an account on the buildbot.buildbot.net system? thanks!
Assignee | ||
Comment 13•11 years ago
|
||
ok, so i went through this. sorry it took me so long. i didn't find anything to call out. i will say that on our network we will require SSL connection since there is a login, and our preference would be to not have a single user name and password that is shared. other than that, feel free to deploy.
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
Reporter | ||
Comment 14•11 years ago
|
||
(In reply to Raymond Forbes[:rforbes] from comment #13) > ok, so i went through this. sorry it took me so long. i didn't find > anything to call out. i will say that on our network we will require SSL > connection since there is a login, and our preference would be to not have a > single user name and password that is shared. other than that, feel free to > deploy. Thanks Raymond. I'm not sure what you mean by using SSL or usernames+passwords though...the Servo interface is read-only, HTTP, and doesn't require any authentication: http://buildbot-master-servo-01.srv.servo.releng.use1.mozilla.com:8001/. I'd be fine with adding SSL at whatever the frontend host ends up being, but this is supposed to be a public interface - so a username and password doesn't really make sense to me...
Assignee | ||
Comment 15•11 years ago
|
||
to be clear, i was looking at buildbot.buildbot.net. i thought that was a representation of what we would be doing. when i go there the site is not ssl and there is a login page. that is what i was basing it on.
Reporter | ||
Comment 16•11 years ago
|
||
(In reply to Raymond Forbes[:rforbes] from comment #15) > to be clear, i was looking at buildbot.buildbot.net. i thought that was a > representation of what we would be doing. when i go there the site is not > ssl and there is a login page. that is what i was basing it on. Ah, OK. Does that mean we're OK without authentication for the Servo master?
Comment 17•11 years ago
|
||
I'm sorry to have muddied the waters so! I think that the servo buildmaster is a strict subset of buildbot.buildbot.net in terms of attack surface, so if bb.bb.net is OK, servo is too. Raymond, please let me know if you disagree.
Assignee | ||
Comment 18•11 years ago
|
||
that sounds ok to me. go ahead with your plans.
Updated•11 years ago
|
Whiteboard: [pending secreview] → [pending secreview][Web]
You need to log in
before you can comment on or make changes to this bug.
Description
•