woodpecker/pipeline/backend
mscherer c3788d943f
Fix insecure /tmp usage in local backend (#872)
Since /tmp is writable by everybody, a user could precreate
/tmp/woodpecker with 777 permissions, allowing them to modify the
pipeline while it is being run, or preventing the pipeline from running.

And since os.MkdirAll error code wasn't checked, the same attacker
could have precreated the directory where the pipeline is executed to
mess with the run, allowing code execution under the UID of the
agent (who has access to the toke, to communicate with the server, which
mean a attacker could inject a fake agent, steal credentials, etc)
2022-04-06 03:33:00 +02:00
..
docker Improve agent backend loading and suppress expectable errors (#818) 2022-03-08 16:21:43 +01:00
kubernetes Fix pipeline backend autodetect (#545) 2021-11-27 02:29:14 +01:00
local Fix insecure /tmp usage in local backend (#872) 2022-04-06 03:33:00 +02:00
types pipeline backend: remove unused var (#683) 2022-01-09 23:28:41 +01:00
backend.go Add support to run pipelines using a local backend (#709) 2022-03-10 22:07:02 +01:00