On 31 January 2012 18:14, Christian Robottom Reis <k...@linaro.org> wrote: > On Tue, Jan 31, 2012 at 03:50:37PM +0000, James Tunnicliffe wrote: >> Hi, >> >> https://wiki.linaro.org/Platform/Android/LinaroAndroidBuildService has >> been updated with these instructions about a new build option: >> >> EXTERNAL_TARBALL >> >> Use to request that the build system fetch an archive from the >> location that you set EXTERNAL_TARBALL to and unpack it into >> build/external_tarballs (build is the build root directory. This exact >> path can be written as >> $BUILD_SCRIPT_ROOT/../../build/external_tarballs). Multiple archives >> can be requested, separated by ";", e.g. >> EXTERNAL_TARBALL="http://foo.com/ball1.tar.gz;http://foo.com/ball2.tar.bz2" > > Nice work. I just wonder if there is a potential attack vector here -- > is the build configuration writeable by any users invoked during the > build or setup process?
Each build is run on a clean EC2 instance, so shouldn't worry about logins left behind from other activities. This certainly doesn't open us up to any more problems than a user who has write access to the box could cause any other way. -- James Tunnicliffe _______________________________________________ linaro-dev mailing list linaro-dev@lists.linaro.org http://lists.linaro.org/mailman/listinfo/linaro-dev