)]}'
{"specs/zuulv3-executor-security.rst":[{"author":{"_account_id":6589,"name":"Jesse Keating","email":"jkeating@j2solutions.net","username":"jesse-keating"},"change_message_id":"f13ef2d114d644ccfa0151a2a0abbc76611bb43a","unresolved":false,"context_lines":[{"line_number":159,"context_line":"`ansible-playbook`. Because `ssh-agent` only signs challenges, it will"},{"line_number":160,"context_line":"mean that a malicious user will have to be able to do more than just log"},{"line_number":161,"context_line":"the private key to make use of it, and their access to the key will end"},{"line_number":162,"context_line":"when their access to `ssh-agent` ends."},{"line_number":163,"context_line":""},{"line_number":164,"context_line":"This will require making sure the socket is visible inside containment,"},{"line_number":165,"context_line":"and passing in the environment necessary to help `ssh` find it."}],"source_content_type":"text/x-rst","patch_set":1,"id":"5ff73747_a9c46b41","line":162,"updated":"2017-05-03 18:45:45.000000000","message":"Does our belt and suspenders approach prevent a malicious user from using ssh on the host to forward the agent to other remote hosts? If the agent is forwarded to the nodepool node, where we do not restrict the commands being used, one could fiddle with the agent at that point.","commit_id":"a32f84b439b73149792bc51f9d4406b715b99a01"},{"author":{"_account_id":6488,"name":"Clint Byrum","email":"clint@fewbar.com","username":"clint-fewbar"},"change_message_id":"a42d0bbeb796ebb8508e35c12ebdd16ee4773a8f","unresolved":false,"context_lines":[{"line_number":159,"context_line":"`ansible-playbook`. Because `ssh-agent` only signs challenges, it will"},{"line_number":160,"context_line":"mean that a malicious user will have to be able to do more than just log"},{"line_number":161,"context_line":"the private key to make use of it, and their access to the key will end"},{"line_number":162,"context_line":"when their access to `ssh-agent` ends."},{"line_number":163,"context_line":""},{"line_number":164,"context_line":"This will require making sure the socket is visible inside containment,"},{"line_number":165,"context_line":"and passing in the environment necessary to help `ssh` find it."}],"source_content_type":"text/x-rst","patch_set":1,"id":"3f044301_4bcbd1a4","line":162,"updated":"2017-05-03 22:05:59.000000000","message":"Great point. This danger does suggest that we would want an ssh-agent per bwrap to prevent DoS of other sessions.","commit_id":"a32f84b439b73149792bc51f9d4406b715b99a01"},{"author":{"_account_id":4146,"name":"Clark Boylan","email":"cboylan@sapwetik.org","username":"cboylan"},"change_message_id":"a889e73735b49f247626287c8539ed9fb615a32a","unresolved":false,"context_lines":[{"line_number":159,"context_line":"`ansible-playbook`. Because `ssh-agent` only signs challenges, it will"},{"line_number":160,"context_line":"mean that a malicious user will have to be able to do more than just log"},{"line_number":161,"context_line":"the private key to make use of it, and their access to the key will end"},{"line_number":162,"context_line":"when their access to `ssh-agent` ends."},{"line_number":163,"context_line":""},{"line_number":164,"context_line":"This will require making sure the socket is visible inside containment,"},{"line_number":165,"context_line":"and passing in the environment necessary to help `ssh` find it."}],"source_content_type":"text/x-rst","patch_set":1,"id":"df140735_9f4fdb33","line":162,"in_reply_to":"3f044301_4bcbd1a4","updated":"2017-06-06 17:43:54.000000000","message":"We could potentially use ssh-add -c when have an sshaskpass program that only confirms the key the first time. This however would prevent jobs from rebooting nodes (a feature that we don\u0027t have today that comes up periodically) and is likely more complicated to implement than the key per env idea.","commit_id":"a32f84b439b73149792bc51f9d4406b715b99a01"}]}