Closed
Bug 1240888
Opened 8 years ago
Closed 7 years ago
prevent buildbot starting as root
Categories
(Release Engineering :: General, defect)
Release Engineering
General
Tracking
(Not tracked)
RESOLVED
INCOMPLETE
People
(Reporter: catlee, Unassigned)
Details
Attachments
(4 files)
1.24 KB,
patch
|
kmoir
:
review+
vciobancai
:
checked-in+
|
Details | Diff | Splinter Review |
2.65 KB,
text/plain
|
Details | |
1.29 KB,
patch
|
kmoir
:
review+
vciobancai
:
checked-in+
|
Details | Diff | Splinter Review |
7.43 KB,
text/plain
|
Details |
We had some problems last week that were a result of buildbot being started as root on a few of our machines. We should modify the 'buildbot' script so that it exits with a failure message if you try and run it as root.
Updated•8 years ago
|
Assignee: nobody → vlad.ciobancai
Comment 1•8 years ago
|
||
Attached you can find the patch where I updated MAKEFILE in order to check if the make command is run as root for all the actions
Attachment #8709895 -
Flags: review?(kmoir)
Comment 2•8 years ago
|
||
Attached the output from the tests that I made on dev-master2
Updated•8 years ago
|
Attachment #8709895 -
Flags: review?(kmoir) → review+
Updated•8 years ago
|
Attachment #8709895 -
Flags: checked-in+
Reporter | ||
Comment 3•8 years ago
|
||
Looks good, but I think in this case the problem was that somebody ran 'buildbot start' directly, bypassing the Makefile.
Comment 4•8 years ago
|
||
(In reply to Chris AtLee [:catlee] from comment #3) > Looks good, but I think in this case the problem was that somebody ran > 'buildbot start' directly, bypassing the Makefile. :catlee do you want us to try to find a way to block when a user tries to start a buildbot by using root account and not using the Makefile?
Reporter | ||
Comment 5•8 years ago
|
||
yes, since that's the ultimate script that is being run, I think the safest thing is to have it prevent itself running as root.
Comment 6•8 years ago
|
||
Attached you can find the patch for buildbot script. The patch check if the script is started, restarted or reconfig under root account, if yes the script will exit.
Attachment #8710344 -
Flags: review?(kmoir)
Comment 7•8 years ago
|
||
Attached you can find the output from the tests that I made on dev-master2
Updated•8 years ago
|
Attachment #8710344 -
Flags: review?(kmoir) → review+
Updated•8 years ago
|
Attachment #8710344 -
Flags: checked-in+
Comment 8•8 years ago
|
||
:kmoir :catlle can I close this bug ?
Flags: needinfo?(kmoir)
Flags: needinfo?(catlee)
Comment 10•8 years ago
|
||
(In reply to Chris AtLee [:catlee] from comment #9) > This needs to be deployed to take effect. The patch has been pushed to default branch.
Comment 11•8 years ago
|
||
I don't know if this is worth updating all the masters with given that 1) we don't have a really good story for updating them all pulling the latest code in and hoping that it works 2) buildbot is on it's way out. There are other changes too if you compare default and production-0.8.
Flags: needinfo?(kmoir)
Comment 12•8 years ago
|
||
(In reply to Kim Moir [:kmoir] from comment #11) > I don't know if this is worth updating all the masters with given that 1) we > don't have a really good story for updating them all pulling the latest code > in and hoping that it works 2) buildbot is on it's way out. There are other > changes too if you compare default and production-0.8. Though its still a footgun, noteworthy is that jlund also accidentally started buildbot as root just yesterday on a misbehaving master... and though buildbot is on its way out there is still a long tail there.
Updated•8 years ago
|
Assignee: vciobancai → nobody
Reporter | ||
Updated•7 years ago
|
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → INCOMPLETE
Assignee | ||
Updated•6 years ago
|
Component: General Automation → General
You need to log in
before you can comment on or make changes to this bug.
Description
•