Stefano Mazzocchi wrote:
Gump is the most insecure system ever,
hpfft.
since it downloads software from all over the world. This means that even a committer of a library that we depend upon could gain control of gump and use its ssh keys to upload nasty content on your web site.
Gump security is based on its profile, environment, and permissions, just like for any other process. You could probably set up a restricted gump instance with a restricted profile, restricted access, etc etc. Run it on an infrastructure-controlled box. Run a restricted profile. Use http redirects, read only NFS mounts, or a pull based setup.
In other words: replace part of forrestbot with gump.
From a security perspective, gump is a python script controlled using XML configuration that knows how to download things from cvs and svn, how to run ant and other tools on those downloaded things, and what to do with the results of those tool invocations.
This is not inherently less secure than, say, putting a crontab file in CVS.
There is a huge difference, Leo. forrestbot is never executing anything; gump is, and is executing things that are downloaded from an external untrusted environment.
-- Stefano.
