On 30.09.2015, at 08:30, Victor Martinez <victormartinezru...@gmail.com> wrote:
> On the other hand, if the security is one of the important pieces then any
> Builder might be affected easily since AFAIK they don't run in any sandbox
> therefore you might run "rm -rf /" and change the restriction label as
> "master". Does it mean "Shell plugin" (I know it's part of the core) is
> unsecured? If so, does it mean any other plugins which are using it are also
> unsecured? And that's an example of bypassing the "security layout". Don't
> get me wrong, I do like the idea of adding value to Jenkins with this wizard
> feature, but what I don't like is the way of filtering plugins which are
> useful IMO.

(Accidentally sent this to Victor directly)

It's possible to secure an instance well enough from this by e.g. setting the number of executors on master to 0. Another option would be plugins that limit what can be built where using the QueueTaskDispatcher extension point. Sure, users can still wreak havoc on slaves, but that's probably less of an issue than having unrestricted access to JENKINS_HOME.

Regarding the plugin criteria, it looked like a good idea to not surprise users by including plugins that make any security configuration they may configure irrelevant. Maybe I'm wrong about this and nobody cares (but then I wonder why Role Strategy is so popular, complex security setups that are too painful doing with matrix-auth is the one thing it does).

So if there are others who think that plugins undermining an admin-defined security setup should be allowed into the wizard, please say so.
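The second option mentioned in the reply, a plugin that uses the QueueTaskDispatcher extension point to limit what can be built where, could look like the sketch below. It is an added example, not part of the original message and not code from any existing Jenkins plugin; the class name, the blockage message and the allowlisted job name are hypothetical, and it assumes it is compiled inside a Jenkins plugin with Jenkins core on the classpath.

```java
import hudson.Extension;
import hudson.model.Node;
import hudson.model.Queue;
import hudson.model.queue.CauseOfBlockage;
import hudson.model.queue.QueueTaskDispatcher;
import jenkins.model.Jenkins;

import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;

/**
 * Vetoes scheduling of builds on the master node, where a build step
 * would run with direct access to JENKINS_HOME.
 */
@Extension
public class KeepBuildsOffMasterDispatcher extends QueueTaskDispatcher {

    // Hypothetical allowlist: admin-owned jobs that must run on master.
    private static final Set<String> ALLOWED_ON_MASTER = Collections.unmodifiableSet(
            new HashSet<>(Arrays.asList("admin-backup")));

    @Override
    public CauseOfBlockage canTake(Node node, Queue.BuildableItem item) {
        // The Jenkins singleton is itself the Node that represents master.
        if (!(node instanceof Jenkins)) {
            return null; // no objection to any other node
        }
        if (ALLOWED_ON_MASTER.contains(item.task.getName())) {
            return null; // explicitly permitted by the admin
        }
        // A non-null result vetoes this node for this item; the queue
        // keeps the item waiting until another node can take it.
        return new CauseOfBlockage() {
            @Override
            public String getShortDescription() {
                return "Builds are not allowed on the master node";
            }
        };
    }
}
```

Unlike setting the executor count on master to 0, the veto is applied per queue item, so it holds even when a job's label expression is changed to "master".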