[libvirt-jenkins-ci PATCH v2 2/6] guests: users: Create a bin/ directory in the flavor user's home

Daniel P. Berrangé berrange at redhat.com
Tue Apr 7 11:48:34 UTC 2020

On Tue, Apr 07, 2020 at 01:45:46PM +0200, Erik Skultety wrote:
> On Tue, Apr 07, 2020 at 12:37:01PM +0100, Daniel P. Berrangé wrote:
> > On Tue, Apr 07, 2020 at 01:31:17PM +0200, Erik Skultety wrote:
> > > We're creating a dedicated user to run the gitlab agent, so why not
> > > store the agent within the user profile and execute it from there.
> >
> > I'm wary of this as it seems like it can create a exploit vector.
> > ie malicious code running as the gitlab account can replace the
> > gitlab agent binary in its $HOME.
> >
> > Shouldn't the binary be in /usr/local/bin and owned by root so
> > it is completely separated  ?
> That's what I've done in v1 (though not because of the possible attack vector
> you mention), but it was suggested to move it to user's $HOME [1].
> [1] https://www.redhat.com/archives/libvir-list/2020-March/msg01424.html
> I'll change it to the original version on my local branch.

Hmm, for that matter, we shouldn't store the config file in the
/home/gitlab/.gitlab-runner  directory either.

Essentially we should try to assume anything in $HOME is subjec to
arbitrary deletion in order to restore a clean state, so we shouldn't
try to keep important files there.

|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|

More information about the libvir-list mailing list