The mystery is solved. Jenkins is not guilty at all. It was nodejs/npm who tried to install that library from sources, because it was not available in the system. I'm not sure why, I'm not sure if it succeed or not and I do not know why it does not clean up afterwards, but for now it sufficient for me to know that I'm not hacked. :-)
Jozef On Sunday, November 13, 2016 at 3:08:48 PM UTC+1, Baptiste Mathus wrote: > > Might be better that the plugin (?) cleans this up. But I'm not sure > that's a security issue: it's already on machine(s) where anyway that > source code constantly comes and goes on the disk. So? > > Le 9 nov. 2016 9:11 AM, "Jozef Babjak" <[email protected] <javascript:>> > a écrit : > >> Hello! >> >> My Jenkins is creating random (UUID-named) directories under /tmp >> directory. Each such directory contains C source codes of libjpeg-turbo, or >> at least something which look so. From security point of view it seems to >> me very suspicious, if such program like Java-based Jenkins is storing C >> sources. >> >> Is this anything which is expected? >> >> Some interesting environment settings follow below. >> >> Jozef >> >> ---- >> >> OS: Red Hat Enterprise Linux Server release 7.1 (Maipo) >> Jenkins: 2.19.2 >> Java: Java HotSpot(TM) 64-Bit Server VM (build 25.112-b15, mixed mode) >> >> installed plugins: >> >> ace-editor 1.1 >> active-directory 2.0 >> analysis-core 1.79 >> ant 1.4 >> antisamy-markup-formatter 1.5 >> bouncycastle-api 2.16.0 >> branch-api 1.11.1 >> build-timeout 1.17.1 >> checkstyle 3.46 >> cloudbees-folder 5.13 >> credentials 2.1.8 >> dashboard-view 2.9.10 >> display-url-api 0.5 >> durable-task 1.12 >> email-ext 2.52 >> emailext-template 1.0 >> external-monitor-job 1.6 >> git 3.0.0 >> git-client 2.1.0 >> git-server 1.7 >> gradle 1.25 >> handlebars 1.1.1 >> icon-shim 2.0.3 >> javadoc 1.4 >> jquery-detached 1.2.1 >> junit 1.19 >> ldap 1.13 >> mailer 1.18 >> matrix-auth 1.4 >> matrix-project 1.7.1 >> maven-plugin 2.14 >> momentjs 1.1.1 >> pam-auth 1.3 >> pipeline-build-step 2.3 >> pipeline-graph-analysis 1.2 >> pipeline-input-step 2.3 >> pipeline-milestone-step 1.1 >> pipeline-rest-api 2.2 >> pipeline-stage-step 2.2 >> pipeline-stage-view 2.2 >> resource-disposer 0.3 >> role-strategy 2.3.2 >> scm-api 1.3 >> script-security 1.24 >> ssh-credentials 1.12 >> structs 1.5 >> timestamper 1.8.7 >> token-macro 2.0 >> windows-slaves 1.2 >> workflow-aggregator 2.4 >> workflow-api 2.5 >> workflow-basic-steps 2.3 >> workflow-cps 2.22 >> workflow-cps-global-lib 2.4 >> workflow-durable-task-step 2.5 >> workflow-job 2.8 >> workflow-multibranch 2.9 >> workflow-scm-step 2.2 >> workflow-step-api 2.5 >> workflow-support 2.10 >> ws-cleanup 0.32 >> >> -- >> You received this message because you are subscribed to the Google Groups >> "Jenkins Users" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected] <javascript:>. >> To view this discussion on the web visit >> https://groups.google.com/d/msgid/jenkinsci-users/2420e301-ee95-4c5a-b080-290b73957658%40googlegroups.com >> >> <https://groups.google.com/d/msgid/jenkinsci-users/2420e301-ee95-4c5a-b080-290b73957658%40googlegroups.com?utm_medium=email&utm_source=footer> >> . >> For more options, visit https://groups.google.com/d/optout. >> > -- You received this message because you are subscribed to the Google Groups "Jenkins Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/f02fc114-77c8-4751-be7d-fd9f2e822e9c%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
