On 10/7/2011 6:18 AM, Glyph wrote:
To sum up what I believe is now the consensus from this thread:
1. Anyone setting up a buildslave should take care to invoke the build
in an environment where an out-of-control buildbot, potentially
executing arbitrarily horrible and/or malicious code, should not
damage anything. Builders should always be isolated from valuable
resources, although the specific mechanism of isolation may differ.
A virtual machine is a good default, but may not be sufficient;
other tools for cutting of the builder from the outside world would
be chroot jails, solaris zones, etc.
2. Code runs differently as privileged vs. unprivileged users.
My particular concern with testing as an unprivileged user comes from
experience with too many (commercial, post-XP) Windows programs that
only run correctly as admin (without an obvious good reason).
Therefore builders should be set up in both configurations, running
the full test suite, to ensure that all code runs as expected in
both configurations. Some tests, as the start of this thread
indicates, must have some special logic to make sure they do or do
not run, or run differently, in privileged vs. unprivileged
configurations, but generally speaking most things should work in
both places.
3. Access to root my provide access to slightly surprising resources,
even within a VM (such as the ability to send spoofed IP packets,
change the MAC address of even virtual ethernet cards, etc), and
administrators should be aware that this is the case when
configuring the host environment for a run-as-root builder. You
don't want to end up with a compromised test VM that can snoop on
your network.
--
Terry Jan Reedy
_______________________________________________
Python-Dev mailing list
Python-Dev@python.org
http://mail.python.org/mailman/listinfo/python-dev
Unsubscribe:
http://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
