[Python-Dev] Another buildslave - Ubuntu again
"Martin v. Löwis"
martin at v.loewis.de
Fri May 4 09:15:24 CEST 2012
> That page would probably like a good cleanup. I don't even think
> creating an user is required - it's just good practice, and you
> probably want that user to have as few privileges as possible.
That's indeed the motivation. Buildbot slave operators need to
recognize that they are opening their machines to execution of
arbitrary code, even though this could only be abused by committers.
But suppose a committer loses the laptop, which has his SSH key
on it, then anybody getting the key could commit malicious code,
which then gets executed by all build slaves. Of course, it would
be possible to find out whose key has been used (although *not*
from the commit message), and revoke that, but the damage might
already be done.
Regards,
Martin
P.S. Another attack vector is through the master: if somebody
hacks into the machine running the master, they can also compromise
all slaves. Of course, we are trying to make it really hard to
break into python.org.
More information about the Python-Dev
mailing list