On Tue, Apr 07, 2020 at 12:48:34PM +0100, Daniel P. Berrangé wrote:
> On Tue, Apr 07, 2020 at 01:45:46PM +0200, Erik Skultety wrote:
> > On Tue, Apr 07, 2020 at 12:37:01PM +0100, Daniel P. Berrangé wrote:
> > > On Tue, Apr 07, 2020 at 01:31:17PM +0200, Erik Skultety wrote:
> > > > We're creating a dedicated user to run the gitlab agent, so why not
> > > > store the agent within the user profile and execute it from there.
> > >
> > > I'm wary of this as it seems like it can create an exploit vector.
> > > ie malicious code running as the gitlab account can replace the
> > > gitlab agent binary in its $HOME.
> > >
> > > Shouldn't the binary be in /usr/local/bin and owned by root so
> > > it is completely separated ?
> >
> > That's what I've done in v1 (though not because of the possible attack vector
> > you mention), but it was suggested to move it to user's $HOME [1].
> > [1] https://www.redhat.com/archives/libvir-list/2020-March/msg01424.html
> >
> > I'll change it to the original version on my local branch.
>
> Hmm, for that matter, we shouldn't store the config file in the
> /home/gitlab/.gitlab-runner directory either.

Yes, I'll make sure the config is under the default system location in
/etc/gitlab-runner/ with read permissions for the gitlab user.

Thanks,

-- 
Erik Skultety
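
An added example, not part of the original thread or of the project's own code: a Python check that reports whether a given account could replace a file, either directly or through an ancestor directory it owns or can write to, which is the concern raised above for the agent binary and its config file. The account ids and paths passed in are assumptions; POSIX ACLs and root's permission override are not modelled.

```python
import os
import stat
import tempfile  # used only by the constructed demo at the bottom


def can_modify(st, uid, gids):
    """True if the account owns the inode or has write permission on it."""
    if st.st_uid == uid:          # an owner can always chmod the inode writable
        return True
    if st.st_gid in gids:         # group class applies; "other" bits are ignored
        return bool(st.st_mode & stat.S_IWGRP)
    return bool(st.st_mode & stat.S_IWOTH)


def replaceable_by(path, uid, gids=()):
    """Return the path components that let the account swap out `path`.

    An empty list means neither the file nor any directory above it is
    owned or writable by the account.
    """
    findings = []
    current = os.path.realpath(path)
    child = os.stat(current)
    if can_modify(child, uid, gids):
        findings.append(current)
    while True:
        parent = os.path.dirname(current)
        if parent == current:     # reached the filesystem root
            break
        pst = os.stat(parent)
        # In a sticky directory (e.g. /tmp) only the entry's owner or the
        # directory's owner may rename or delete the entry.
        sticky_blocks = (pst.st_mode & stat.S_ISVTX) and uid not in (child.st_uid, pst.st_uid)
        if can_modify(pst, uid, gids) and not sticky_blocks:
            findings.append(parent)
        current, child = parent, pst
    return findings


if __name__ == "__main__":
    # Constructed demo: a stand-in "agent" file in a directory the caller owns.
    with tempfile.TemporaryDirectory() as d:
        agent = os.path.join(d, "gitlab-runner")
        open(agent, "w").close()
        print(replaceable_by(agent, os.getuid()))
```

Run against the installed binary and the config file with the service account's uid and group ids; any path in the result is a place where code running as that account could substitute its own file.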