> How isolated is the Jenkins instance? As far as I know, the workers have little access to the coordinator. See here:
https://wiki.jenkins-ci.org/display/JENKINS/Slave+To+Master+Access+Control This flag is on and there are no whitelisted exceptions. > Does the jenkins user have many privileges on the VM? They have passwordless sudo on the worker > Could it simply wipe > out the job history to destroy the trail? Job history is stored on the coordinator. > Jenkins also presumably has > credentials to make at least some changes to gerrit - are those privileges > restrictive enough that it couldn't cause problems there too? Those are stored only on the coordinator and cannot be used by the slaves.
