[csw-buildfarm] Better security for home directories
Maciej (Matchek) Bliziński
maciej at opencsw.org
Mon May 6 09:30:27 CEST 2013
I'm working on a rewrite of a large portion of our checkpkg/pkgdb code
base. One of the things that I want to change is using REST from all of the
build hosts, when running checkpkg. Talking via REST requires
authenticating via HTTP. We use password based authentication, with
passwords living in a specific place in the filesystem. It's currently only
on login, no problem to maintain. But if we want that to be accessible from
every build host, we would either need to copy the auth (password
containing) files to every build host, or keep them in home directories.
But home directories are readable by root, and people have root on testing
(experimental) boxes.
I suggest: let's remove home directory exports on boxes where people have
root.
Thoughts?
Maciej
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opencsw.org/pipermail/buildfarm/attachments/20130506/4ce920df/attachment.html>
More information about the buildfarm
mailing list