Untrusted playbook task execution on executors

Monty Taylor mordred at inaugust.com
Wed Nov 28 22:11:15 UTC 2018


Dear Zuul operators,

The change to allow the use of add_host in untrusted playbooks, which 
was included in Zuul version 3.3.0, inadvertently opened the door for a 
user to abuse the ssh_executable parameter to cause a command to be run 
on the executor. We do not believe this would have given jobs access to 
the executor host as every job is sandboxed within a bubblewrap 
container with minimal access to the filesystem and other resources.

Further information can be found in StoryBoard: 
https://storyboard.openstack.org/#!/story/2004405

This is fixed by https://review.openstack.org/620635 which has been 
included in Zuul version 3.3.1. It is strongly advised to update to 
3.3.1 or latest master and restart any running zuul-executor processes.

Sorry for any inconveniences.

Thanks!
Monty
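
Added example, not part of the original announcement and not the Zuul fix: a small audit that walks already-parsed playbooks and reports every add_host task that sets an SSH executable, the pattern described above. The function names, the sample data and the assumption that the variable is spelled ansible_ssh_executable (Ansible's name for the ssh connection option) are this example's own.

```python
import shlex

# Short and fully qualified names of the add_host module.
ADD_HOST = {"add_host", "ansible.builtin.add_host"}
NESTED = ("block", "rescue", "always", "tasks", "pre_tasks", "post_tasks", "handlers")

def _args(value):
    """Normalise add_host arguments: dict form or 'k=v k=v' string form."""
    if isinstance(value, dict):
        return value
    if isinstance(value, str):
        return dict(p.split("=", 1) for p in shlex.split(value) if "=" in p)
    return {}

def find_ssh_executable(items, path="playbook"):
    """Return (location, key, value) for every add_host task whose
    arguments include a key ending in 'ssh_executable'."""
    hits = []
    for i, item in enumerate(items or []):
        if not isinstance(item, dict):
            continue
        here = f"{path}[{i}]"
        for mod in ADD_HOST.intersection(item):
            args = dict(_args(item[mod]))
            args.update(_args(item.get("args")))  # task-level 'args:' keyword
            for key, val in args.items():
                if key.endswith("ssh_executable"):
                    hits.append((here, key, val))
        for section in NESTED:  # recurse into plays and block/rescue/always
            if isinstance(item.get(section), list):
                hits += find_ssh_executable(item[section], f"{here}.{section}")
    return hits

# Constructed sample, shaped like yaml.safe_load() output for one playbook.
SAMPLE = [{
    "hosts": "localhost",
    "tasks": [
        {"name": "plain", "add_host": {"name": "node1", "groups": "extra"}},
        {"block": [
            {"add_host": "name=node2 ansible_ssh_executable=PLACEHOLDER"},
        ]},
        {"add_host": {"name": "node3"}, "args": {"ansible_ssh_executable": "ssh"}},
    ],
}]

if __name__ == "__main__":
    for loc, key, val in find_ssh_executable(SAMPLE):
        print(f"{loc}: add_host sets {key}={val!r}")
```

A hit means the playbook deserves review; it does not replace updating to 3.3.1 and restarting the executors.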