[users at bb.net] Improvement request for "security" wiki page.

Dustin J. Mitchell dustin at v.igoro.us
Thu Nov 5 13:55:30 UTC 2015


(dropping botherders)

"Security" is a pretty general term -- I don't think we can squeeze
everything which someone might want to find in a search for "Buildbot
security" onto that page!  The page is intended to document our security
incident response process.

The master/slave protocol is probably what you're looking for in this case:
  http://docs.buildbot.net/latest/developer/master-slave.html

The protocol is "Perspective Broker" (a Twisted RPC protocol) and by
default it is over a cleartext channel.  Since slaves authenticate to
masters, the risk from a password disclosure is that the master would
provide some private information to the slave which could be intercepted.
A MITM is also possible, in which case the slave could be made to execute
arbitrary code (that being its purpose in life).  Both attacks can be
mitigated by using TLS, although this is not trivial to configure,
particularly if you want to perform proper certificate validation.

Dustin

On Wed, Nov 4, 2015 at 10:55 PM, Bill Deegan <bill at baddogconsulting.com>
wrote:

> Nathan,
>
> Thanks for the feedback, though most likely it'd be better if you sent it to the
> buildbot users mailing list
> https://lists.buildbot.net/mailman/listinfo/users
>
> The botherders mailing list is really meant for use in managing the
> buildbot project, and coordinating the botherders (like board members for
> the project).
>
> Thanks,
> -Bill
>
> On Wed, Nov 4, 2015 at 1:32 PM, Nathan Wilcox <nathan at leastauthority.com>
> wrote:
>
>> I'm a one week old buildbot user, and I've only read the tutorial and
>> parts of the manual specific to ``master.cfg``. I recall that a
>> ``BuildSlave`` takes a password, but I'm not sure what kind of
>> connection/protocol transmits those credentials, or commands from the
>> master to the slave. So I searched for "buildbot security".
>>
>> For my particular filter bubble on this particular day, a Google search
>> of "buildbot security" [1] returns the "security" page on the trac wiki for
>> buildbot [2].
>>
>> If that wiki page either contained a quick summary of the security model,
>> or (better, IMO) links to the relevant sections in the official docs, then
>> people who take this route would find that information.
>>
>> [1] https://www.google.com/search?q=buildbot+security&ie=utf-8&oe=utf-8
>> [2] http://trac.buildbot.net/wiki/Security
>>
>>
>> --
>> Nathan Wilcox
>> Least Authoritarian
>>
>> email: nathan at leastauthority.com
>> twitter: @least_nathan
>>
>>
>
>
>
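
Added example (not part of the thread, and not Buildbot or Twisted code): it maps the three transport choices described in Dustin's reply (cleartext, TLS without certificate validation, TLS with validation) to which of the two attacks he names still applies. It assumes the TLS layer on the slave side is built with Python's standard `ssl` module; the function names and the `ca_file` parameter are hypothetical.

```python
import ssl

# The two risks named in the reply above.
PASSIVE = "credentials and build data readable on the wire"
MITM = "man-in-the-middle can impersonate the master and send commands"


def strict_context(ca_file=None):
    """Client-side TLS context for the slave end of the connection.

    ca_file (hypothetical parameter) would point at the CA that signed the
    master's certificate; None falls back to the system trust store.
    """
    # create_default_context() turns on CERT_REQUIRED and hostname checking.
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile=ca_file)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def lax_context():
    """The common shortcut: encryption only, the peer is never authenticated."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False      # must be cleared before verify_mode
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def residual_risks(ctx):
    """Return the risks that remain for a transport.

    ctx is None for the default cleartext channel, or an ssl.SSLContext.
    """
    if ctx is None:
        return [PASSIVE, MITM]
    risks = []
    # Without chain *and* hostname verification, anyone on the path can
    # terminate the TLS session and relay or replace the master's commands.
    if ctx.verify_mode != ssl.CERT_REQUIRED or not ctx.check_hostname:
        risks.append(MITM)
    return risks


if __name__ == "__main__":
    for name, ctx in [("cleartext", None),
                      ("TLS, no validation", lax_context()),
                      ("TLS, validated", strict_context())]:
        print(name, "->", residual_risks(ctx) or "none of the two")
```
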