[Fuego] [PATCH] ftc: process jenkins_enabled

daniel.sangorrin at toshiba.co.jp daniel.sangorrin at toshiba.co.jp
Mon Mar 4 08:38:03 UTC 2019


Hello Tim,

> From: Tim.Bird at sony.com <Tim.Bird at sony.com>
> >  # if running as root, switch to jenkins
> >  # for now, use sudo, but could change to use direct setuid calls
> > -def user_check():
> > +def user_check(conf):
> > +    if not conf.jenkins_enabled:
> > +        return
> > +
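Review bot: the early return on `not conf.jenkins_enabled` at the top of user_check() skips the root handling entirely, so with Jenkins disabled ftc keeps whatever identity it was started with, root included. The comment above the function ("if running as root, switch to jenkins") no longer describes that path. Consider updating the comment to state the non-Jenkins behaviour and, instead of a bare return, at least warning when the effective uid is 0 or switching to an unprivileged account where one exists.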
> OK - this is quite dicey from a security standpoint.  We really shouldn't
> be running things as root, even if we're inside the Docker container.
> If ftc is running outside the Docker container, this is especially problematic.
> 
> I'm going to put a FIXTHIS on this, but it worries me that we might forget
> and not come back to fix this up.  If we're not using Jenkins, it might be worthwhile
> to define a 'fuego' user account (in the Docker container or on the host), and
> switch to that in this routine, so that operations done in the context of a test
> are not performed as the root account.
> 
> This trusts the tests (which could be coming from a 3rd party or an untrusted source)
> way too much.

OK, I see your point but there are multiple use-cases that we need to address.

1.- With Jenkins: here we definitely need to use the 'jenkins' user.
2.- Without Jenkins and host-target configuration: the user should not (and doesn't need to) run with root permissions
   - I will add a default user 'fuego' to Dockerfile.nojenkins, and make sure that when users start a container the default user is 'fuego' and not 'root'.
   - There is nothing in this patch that prevents a user from running 'ftc' with or without root-permissions. We could test for a "fuego" user, and switch automatically to it in case it exists. However, that may cause conflicts with the next use case. For that reason, I think that there is no need for adding a fixthis at that place once the Dockerfile.nojenkins is fixed.
3.- Without Jenkins and a host-only configuration: when you want to run tests on your PC (host-only/native) then it really depends on what tests you want to run. Tests with NEED_ROOT=1 will require you to have root permissions when you run 'ftc'. In this case, the user must decide whether to use root permissions (sudo) or not.

What do you think?

Thanks,
Daniel
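
The three use cases discussed in this message can be expressed as one decision function followed by a direct setuid-based drop. This is an added example, not ftc's code and not written by either poster; `choose_run_user`, `drop_privileges`, the `need_root` argument and the fail-closed error are assumptions made for illustration.

```python
import os
import pwd


def choose_run_user(euid, jenkins_enabled, need_root, known_users):
    """Return the account to switch to, or None to keep the current identity."""
    if euid != 0:
        return None        # not root: nothing to drop
    if jenkins_enabled:
        return "jenkins"   # case 1: with Jenkins, always the 'jenkins' user
    if need_root:
        return None        # case 3: NEED_ROOT=1 test, operator chose to run as root
    if "fuego" in known_users:
        return "fuego"     # case 2: test code runs unprivileged
    # Assumption: fail closed rather than run a test as root by accident.
    raise PermissionError("root without NEED_ROOT=1 and no 'fuego' account")


def drop_privileges(name):
    """Permanently become `name` using direct calls instead of sudo."""
    pw = pwd.getpwnam(name)
    os.initgroups(pw.pw_name, pw.pw_gid)  # replace root's supplementary groups
    os.setgid(pw.pw_gid)                  # gid before uid, or setgid would fail
    os.setuid(pw.pw_uid)                  # sets real, effective and saved uid
    os.environ["HOME"] = pw.pw_dir
    try:
        os.setuid(0)                      # must fail once the drop is complete
    except PermissionError:
        return
    raise RuntimeError("privilege drop incomplete: root can be regained")


if __name__ == "__main__":
    users = {p.pw_name for p in pwd.getpwall()}
    # Constructed inputs: Jenkins disabled, test does not set NEED_ROOT.
    target = choose_run_user(os.geteuid(), False, False, users)
    if target:
        drop_privileges(target)
    print("running as uid", os.getuid())
```
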
