2014-02-19 22:48 GMT+01:00 Kevin Ballard <[email protected]>:
> On Feb 19, 2014, at 12:28 PM, Corey Richardson <[email protected]> wrote:
>
>> This is a pretty bad idea, allowing *arbitrary unreviewed anything* to
>> run on the buildbots. All it needs to do is remove the contents of its
>> home directory to put the builder out of commission, afaik. It'd
>> definitely be nice to have it run tidy etc first, but there needs to
>> be a check tidy or any of its deps.
>
> This is a very good point. And it could do more than that too. It could
> use a local privilege escalation exploit (if one exists) to take over the
> entire machine. Or it could start sending out spam emails. Or maybe it
> starts mining bitcoins.
>
> Code should not be run that is not at least read first by a reviewer.

I should have expanded more on that thought.
I'm not expecting this to be doable with the way our jobs are now. This would require things like:

* Running jobs in isolated boxes / VMs
* Set limits on the execution time
* Remove any internet connection in the box (?)
* [add here whatever would make this more secure]

I'm not proposing something new here. This is something that I've seen done in several communities (OpenStack's is one of those) and, as mentioned in my previous emails, there's some benefit behind this.

--
Flavio (@flaper87) Percoco
http://www.flaper87.com
http://github.com/FlaPer87
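The kind of job wrapper the list above sketches, as an added example that is not code from the Rust buildbots or from anyone in this thread: it runs a job in a throwaway working directory that doubles as its HOME, with CPU, memory and wall-clock limits, and optionally inside an unprivileged network namespace via `unshare` where that tool and user namespaces are available. The function name, limit values and environment contents are my own assumptions.

```python
import resource
import shutil
import subprocess
import tempfile

# Assumed sandbox design (not the Rust project's infrastructure). Each job gets a
# fresh scratch directory that is also its HOME, so wiping "~" only destroys the
# job's own files; rlimits cap CPU time and address space; a wall-clock timeout
# kills jobs that sleep or spin; `unshare --user --net` (when present and user
# namespaces are enabled) leaves the job with no usable network.

def _apply_rlimits(cpu_seconds, mem_bytes):
    # Runs in the child between fork and exec, before the job's code starts.
    resource.setrlimit(resource.RLIMIT_CPU, (cpu_seconds, cpu_seconds))
    resource.setrlimit(resource.RLIMIT_AS, (mem_bytes, mem_bytes))
    resource.setrlimit(resource.RLIMIT_CORE, (0, 0))  # no core dumps filling the disk

def run_untrusted(argv, wall_seconds=10, cpu_seconds=5, mem_bytes=512 * 2**20,
                  no_network=False):
    """Run argv under limits. Returns (returncode, stdout, timed_out);
    returncode is None when the wall-clock limit fired and the job was killed."""
    argv = list(argv)
    if no_network:
        if shutil.which("unshare") is None:
            raise RuntimeError("network isolation requested but unshare(1) is missing")
        argv = ["unshare", "--user", "--net", "--"] + argv
    workdir = tempfile.mkdtemp(prefix="untrusted-job-")
    # Minimal environment: nothing from the builder's real account leaks in.
    env = {"PATH": "/usr/bin:/bin", "HOME": workdir, "TMPDIR": workdir}
    try:
        proc = subprocess.run(
            argv, cwd=workdir, env=env, capture_output=True,
            timeout=wall_seconds, stdin=subprocess.DEVNULL,
            preexec_fn=lambda: _apply_rlimits(cpu_seconds, mem_bytes),
        )
        return proc.returncode, proc.stdout.decode(errors="replace"), False
    except subprocess.TimeoutExpired as exc:
        out = (exc.stdout or b"").decode(errors="replace")
        return None, out, True
    finally:
        shutil.rmtree(workdir, ignore_errors=True)  # scratch space dies with the job

if __name__ == "__main__":
    print(run_untrusted(["sh", "-c", "echo home=$HOME; ls -A ~"]))
    print(run_untrusted(["sleep", "60"], wall_seconds=2))
```

Real deployments layer this under a VM or container boundary as well; rlimits and a timeout alone do not stop a local privilege escalation, which is why the thread's first bullet is isolation rather than limits.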
_______________________________________________
Rust-dev mailing list
[email protected]
https://mail.mozilla.org/listinfo/rust-dev
