How to Sandbox Ant Builds within Hudson


I am using the Hudson build system as a centralized, "sterile" build environment for a large company with very distributed development (from both a geographic and managerial perspective). One goal is to ensure that every build is produced only from a source control tree and a build script (which is part of that tree). In this way, we can be certain that the code placed in the production environment was actually generated from our source control system.

Hudson executes the Ant script it is given with the complete set of rights of the user running the Hudson server. Because we want to allow individual development groups to modify their build scripts without admin intervention, we would like a way to create a sandboxed build process to (1) limit the potential damage from a faulty build script, and (2) avoid all the games that could be played to insert malicious code into a build.

Here is what I think I want (at least for Ant; we are not using Maven/Ivy yet):

  • The Ant build script has access only to its own workspace directory.
  • It can only read from the source tree (so that the SVN update can be trusted and no other code is introduced).
  • Perhaps some specific directories (the Ant distribution, the JDK, etc.) that are required to perform the build may be allowed for reading.

I can think of three ways to implement this:

  1. Write an Ant wrapper that uses the Java security model to prevent access.
  2. Create a user for each build and assign the rights described above. Launch the build in that user's space.
  3. Use Linux "jails" to avoid the burden of creating a new user account for each build process (updated). Although I know only a bit about them, we will soon be running our builds on a Linux box with a RedHat EL distro.

Am I thinking about this problem the right way?

Update: This guy thinks the jail idea is prudent:

Update 2: Trust is an interesting word. Do we think that any developer would do anything malicious? No. However, I am sure that with developer-updated build scripts, and 30 projects being built during one year, there will be (1) accidental clobbering of file system areas outside the project area, and (2) many instances of build corruption that take a lot of time to track down. Do we trust all of our developers at that level? No. I do not trust myself at that level, that's for sure.

Regarding malicious code insertion, the real goal is to be able to eliminate the possibility from the thinking of anyone who believes such a thing could be done.

In addition, with such controls in place, developers can modify their own build scripts and test them without fear of disaster. This will encourage "innovation" and higher levels of quality enforced by the build process (unit test execution, etc.).
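Option 2 from the list above (one unprivileged account per job) is the one that needs no Java or kernel machinery, so here is an added example of it, written for this page rather than taken from the question, Hudson or Ant. It assumes RHEL-style `useradd`, `sudo` and `setfacl` (ACLs enabled on the filesystem), `HUDSON_HOME=/var/lib/hudson`, Ant in `/opt/ant`, a JDK in `/usr/java/default`, a Subversion checkout placed in `workspace/src` (the SVN plugin's local module directory), and a sudoers line such as `hudson ALL=(%buildsandbox) NOPASSWD: SETENV: /opt/ant/bin/ant`. Every path, name and group is a hypothetical choice. The job's "Execute shell" step then calls `ant-sandbox run <job> <targets>` instead of the Ant builder, so the script runs as the job's own user and can write only under `workspace/build`, read only its own checkout plus the Ant and JDK directories, and cannot enter another job's workspace at all.

```shell
#!/bin/sh
# ant-sandbox: run one Hudson job's Ant build as a dedicated unprivileged user.
# Added example, not from the question. Assumed layout per job:
#   $ws/src    checkout, owned by hudson, read-only for the sandbox user
#   $ws/build  build outputs, owned by the sandbox user, readable by hudson
set -u
HUDSON_HOME=${HUDSON_HOME:-/var/lib/hudson}
ANT_HOME=${ANT_HOME:-/opt/ant}
JAVA_HOME=${JAVA_HOME:-/usr/java/default}

# Map a job name to an account name: lower-case, only [a-z0-9-], at most 31 chars,
# so an odd job name cannot turn into a useradd option or an invalid login.
sandbox_user_for() {
  name=$(printf '%s' "$1" | tr 'A-Z' 'a-z' | tr -c 'a-z0-9-' '-' \
         | sed 's/^-*//; s/-*$//' | cut -c1-27)
  [ -n "$name" ] || return 1
  printf 'bld-%s\n' "$name"
}

# Job workspace path; refuses names that could escape $HUDSON_HOME/jobs.
workspace_for() {
  case $1 in ''|*/*|.|..) return 1 ;; esac
  printf '%s/jobs/%s/workspace\n' "$HUDSON_HOME" "$1"
}

# Create the account and set the permissions. Must run as root; safe to re-run.
provision_sandbox() {
  job=$1
  user=$(sandbox_user_for "$job") || { echo "unusable job name: $job" >&2; return 1; }
  ws=$(workspace_for "$job") || { echo "unusable job name: $job" >&2; return 1; }
  getent group buildsandbox >/dev/null || groupadd --system buildsandbox
  id "$user" >/dev/null 2>&1 || useradd --system --gid buildsandbox \
      --shell /sbin/nologin --home-dir "$ws/build" --no-create-home "$user"
  # Only hudson and this job's user may enter the workspace; other jobs' users cannot.
  install -d -o hudson -g hudson -m 0750 "$ws" "$ws/src"
  setfacl -m "u:$user:r-x" "$ws"
  # Checkout stays read-only for the build; the default ACL covers files svn creates later.
  setfacl -R -m "u:$user:r-X" -m "d:u:$user:r-X" "$ws/src"
  # The build tree is the only place the Ant script may write; hudson reads results from it.
  install -d -o "$user" -g hudson -m 0750 "$ws/build" "$ws/build/tmp"
}

# Run the job's Ant script as its sandbox user; extra arguments (targets etc.) go to ant.
run_sandboxed() {
  job=$1; shift
  user=$(sandbox_user_for "$job") || return 1
  ws=$(workspace_for "$job") || return 1
  # -H plus the VAR=value arguments (allowed by the SETENV tag) give ant a small,
  # known environment instead of whatever the hudson user happens to have.
  sudo -n -H -u "$user" \
       JAVA_HOME="$JAVA_HOME" ANT_HOME="$ANT_HOME" TMPDIR="$ws/build/tmp" \
       "$ANT_HOME/bin/ant" -f "$ws/src/build.xml" -Dbuild.dir="$ws/build" "$@"
}

case ${1:-} in
  provision) provision_sandbox "$2" ;;
  run)       shift; run_sandboxed "$@" ;;
esac
```

The build script must put its outputs under `${build.dir}`; a script that writes anywhere else, or tries to read another job's workspace, fails with a permission error instead of silently succeeding, which is exactly the feedback a developer needs when testing a changed build script. Artifact archiving and JUnit result parsing still work because the hudson user is in the group that owns `build`. Per-job accounts do not restrict the network, so a script can still download jars; that is a separate control.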

There may be something you can change, but if you cannot trust the developers then you have a bigger problem. What could they do to your build machine?

You could go about this in a different way: if you cannot trust what is going to run, you should have a build master role that not only confirms the changes in your SCM but also executes the builds. That may require a dedicated person (or people), but that person would also execute the builds.

Then there is a clear chain of responsibility for the build, and builds come only from that build system.

Another option is to firewall the build slaves so that outbound requests are allowed only to certain resources, such as your SCM server and your other operational network resources (e-mail, OS updates, etc.).

This would prevent people from having Ant retrieve resources from systems that are not under source control.

With Hudson, you can set up a master/slave configuration and not allow builds to run on the master. If you configure the slaves as virtual machines, they can easily be snapshotted and restored, so you do not have to worry about someone messing up the build environment. If you firewall these slaves as well, that should solve your isolation needs.
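The egress firewall suggested in this answer, as an added example that is not part of the original post: a script for a Linux build slave that allows outbound traffic only to the SCM server, DNS, the mail relay and the package mirror, and logs everything else before dropping it. All addresses and ports are hypothetical placeholders. It emits the `iptables` commands instead of running them, so the policy can be reviewed and kept in source control, then applied as root with `egress_rules | sh`.

```shell
#!/bin/sh
# Egress policy for a Hudson build slave. Added example, not from the answer.
# Hypothetical addresses; replace with your own.
set -u
SCM_HOST=${SCM_HOST:-10.0.0.5}     # Subversion server (svnserve 3690, https 443)
DNS_HOST=${DNS_HOST:-10.0.0.2}
MAIL_HOST=${MAIL_HOST:-10.0.0.6}   # SMTP relay for build notifications
YUM_HOST=${YUM_HOST:-10.0.0.7}     # internal package mirror for OS updates

# Accept only dotted-quad IPv4 addresses: a mistyped or empty variable must fail
# loudly rather than produce a rule that matches every destination.
is_ipv4() {
  case $1 in
    *[!0-9.]*|.*|*.|*..*) return 1 ;;
  esac
  old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
  [ $# -eq 4 ] || return 1
  for o in "$@"; do [ "$o" -le 255 ] || return 1; done
}

# Print one ACCEPT rule for an outbound connection:  allow <proto> <host> <port> <label>
allow() {
  is_ipv4 "$2" || { echo "bad address for $4: '$2'" >&2; return 1; }
  printf 'iptables -A OUTPUT -p %s -d %s --dport %s -m comment --comment "%s" -j ACCEPT\n' \
         "$1" "$2" "$3" "$4"
}

# The whole OUTPUT chain: default deny, a short allow list, then log-and-drop.
egress_rules() {
  echo 'iptables -F OUTPUT'
  echo 'iptables -P OUTPUT DROP'
  echo 'iptables -A OUTPUT -o lo -j ACCEPT'
  # Replies on connections the master opened (ssh/JNLP slave launch) stay allowed.
  echo 'iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT'
  allow udp "$DNS_HOST"  53   'dns' &&
  allow tcp "$SCM_HOST"  3690 'svnserve' &&
  allow tcp "$SCM_HOST"  443  'svn over https' &&
  allow tcp "$MAIL_HOST" 25   'build mail' &&
  allow tcp "$YUM_HOST"  80   'os updates' || return 1
  # Anything else the build tries to reach (a script pulling jars from the internet
  # instead of the source tree) shows up in the kernel log before it is dropped.
  echo 'iptables -A OUTPUT -m limit --limit 5/min -j LOG --log-prefix "build-egress-drop: "'
}

[ "${1:-}" = "print" ] && egress_rules
```

Because the policy default-denies, a build script that quietly fetches a dependency from outside the SCM server fails on the slave and leaves a `build-egress-drop:` line in the log, which is the evidence the question's author wants when a build "works on my machine" but not on the sterile one. Pair it with the VM snapshot approach above so a broken slave is rolled back rather than repaired by hand.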
