woodpecker

mirrors/woodpecker

Fork 0

mirror of https://github.com/woodpecker-ci/woodpecker.git synced 2024-09-27 06:00:10 +00:00

Commit graph

Author	SHA1	Message	Date
6543	58303dd2a7	Move value of default clone image into shared constant package (#873 )	2022-04-06 15:30:49 +02:00
mscherer	c3788d943f	Fix insecure /tmp usage in local backend (#872 ) Since /tmp is writable by everybody, a user could precreate /tmp/woodpecker with 777 permissions, allowing them to modify the pipeline while it is being run, or preventing the pipeline from running. And since os.MkdirAll error code wasn't checked, the same attacker could have precreated the directory where the pipeline is executed to mess with the run, allowing code execution under the UID of the agent (who has access to the toke, to communicate with the server, which mean a attacker could inject a fake agent, steal credentials, etc)	2022-04-06 03:33:00 +02:00
Anthony Wang	80c72b590c	Add support to run pipelines using a local backend (#709 ) This adds support for #559. I tested using [this .woodpecker.yml](https://git.exozy.me/Ta180m/Hello-world/src/branch/main/.woodpecker.yml) on my self-hosted [Woodpecker instance](https://ci.exozy.me/Ta180m/Hello-world). I was also able to get this to build [Hugo websites](https://ci.exozy.me/Ta180m/howtuwu/build/1). It's currently very simplistic but works! close #559	2022-03-10 22:07:02 +01:00

Author

SHA1

Message

Date

6543

58303dd2a7

Move value of default clone image into shared constant package (#873 )

2022-04-06 15:30:49 +02:00

mscherer

c3788d943f

Fix insecure /tmp usage in local backend (#872 )

Since /tmp is writable by everybody, a user could precreate
/tmp/woodpecker with 777 permissions, allowing them to modify the
pipeline while it is being run, or preventing the pipeline from running.

And since os.MkdirAll error code wasn't checked, the same attacker
could have precreated the directory where the pipeline is executed to
mess with the run, allowing code execution under the UID of the
agent (who has access to the toke, to communicate with the server, which
mean a attacker could inject a fake agent, steal credentials, etc)

2022-04-06 03:33:00 +02:00

Anthony Wang

80c72b590c

Add support to run pipelines using a local backend (#709 )

This adds support for #559. I tested using [this .woodpecker.yml](https://git.exozy.me/Ta180m/Hello-world/src/branch/main/.woodpecker.yml) on my self-hosted [Woodpecker instance](https://ci.exozy.me/Ta180m/Hello-world). I was also able to get this to build [Hugo websites](https://ci.exozy.me/Ta180m/howtuwu/build/1). It's currently very simplistic but works!

close #559

2022-03-10 22:07:02 +01:00

1 2

53 commits