
On Tue, Apr 07, 2020 at 01:45:46PM +0200, Erik Skultety wrote:
> On Tue, Apr 07, 2020 at 12:37:01PM +0100, Daniel P. Berrangé wrote:
> > On Tue, Apr 07, 2020 at 01:31:17PM +0200, Erik Skultety wrote:
> > > We're creating a dedicated user to run the gitlab agent, so why not store the agent within the user profile and execute it from there.
> >
> > I'm wary of this as it seems like it can create an exploit vector, i.e. malicious code running as the gitlab account can replace the gitlab agent binary in its $HOME.
> >
> > Shouldn't the binary be in /usr/local/bin and owned by root so it is completely separated?
>
> That's what I've done in v1 (though not because of the possible attack vector you mention), but it was suggested to move it to user's $HOME [1].
>
> [1] https://www.redhat.com/archives/libvir-list/2020-March/msg01424.html
>
> I'll change it to the original version on my local branch.

Hmm, for that matter, we shouldn't store the config file in the /home/gitlab/.gitlab-runner directory either. Essentially we should try to assume anything in $HOME is subject to arbitrary deletion in order to restore a clean state, so we shouldn't try to keep important files there.

Regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
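
The separation discussed in this thread can be checked on a runner host. The following is an added example, not code from the thread or from the patch series: it verifies that a binary and every directory above it are owned by root (or one trusted uid) and not writable by group or other. The function names, the trusted-uid and stop-directory parameters, and the `/usr/local/bin/gitlab-runner` path in the usage comment are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Requires `stat -c` (GNU coreutils or BusyBox).

# entry_is_safe OWNER_UID OCTAL_MODE IS_DIR(0|1) TRUSTED_UID
# Safe: owned by root or TRUSTED_UID, and either no group/other write bit,
# or a sticky directory (like /tmp, where only an entry's owner may replace it).
entry_is_safe() {
    e_uid=$1; e_mode=$(( 0$2 )); e_dir=$3; e_trusted=$4
    [ "$e_uid" -eq 0 ] || [ "$e_uid" -eq "$e_trusted" ] || return 1
    [ $(( e_mode & 022 )) -eq 0 ] && return 0
    [ "$e_dir" -eq 1 ] && [ $(( e_mode & 01000 )) -ne 0 ]
}

# path_is_tamper_safe ABS_FILE TRUSTED_UID [STOP_DIR]
# Checks the file and every parent directory up to STOP_DIR (default /):
# write access to a parent is enough to replace the file, even a root-owned one.
# Symlinked path components are reported as unsafe; resolve them first.
path_is_tamper_safe() {
    cur=$1; trusted_uid=$2; stop=${3:-/}
    case $cur in /*) ;; *) echo "need an absolute path: $cur" >&2; return 2 ;; esac
    if [ -L "$cur" ] || [ ! -f "$cur" ]; then
        echo "UNSAFE: $cur is not a regular file" >&2; return 1
    fi
    while :; do
        if [ -d "$cur" ] && [ ! -L "$cur" ]; then kind=1; else kind=0; fi
        if ! entry_is_safe "$(stat -c %u "$cur")" "$(stat -c %a "$cur")" "$kind" "$trusted_uid"; then
            echo "UNSAFE: $cur is writable by, or owned by, an untrusted account" >&2
            return 1
        fi
        if [ "$cur" = "$stop" ] || [ "$cur" = "/" ]; then return 0; fi
        cur=$(dirname "$cur")
    done
}

# Usage when run as a script, e.g.: sh check.sh /usr/local/bin/gitlab-runner
# (path is an assumption based on the thread; trusted uid defaults to root only).
[ $# -eq 0 ] || path_is_tamper_safe "$1" "${2:-0}"
```

Run against a binary under the service account's $HOME, the check fails at the first component owned by that account, which is the situation the thread warns about.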