Jenkins executes processes on agents. Since you're allowing a process to compile code and execute tests on an agent, you're accepting that the agent is at risk from that compilation and execution.
One of the way to reduce that risk is to never execute build jobs on the master agent. That also help scalability, since the master agent generally has plenty of work to do being the master of all the other agents. Another way to reduce that risk is to create and destroy an agent for each build process. Then the damage which the build and test process can do is limited to the agent running the build. There are plugins which will create and destroy virtual machines from Jenkins. There are plugins which will create and destroy Docker instances from Jenkins. Mark Waite On Thu, Mar 2, 2017 at 8:21 AM <andrew.lu...@l3t.com> wrote: > Hi, > > We have a Jenkins installation running under windows, pulling from SVN, > that is building some VS2010/VS2015 projects. > > Those projects are using google test for automated testing. > > How does one prevent those google test projects from accessing the build > server from outside of the build workspace? > > That seems to be a big security hole. You seem to be able to impact the > whole build server from a google test project. > > Google test is not something that is installed. They are just libraries > included with the project. > > Am I missing a security setting in Jenkins somewhere? How do I resolve > this? > > Thanks > > > -- > You received this message because you are subscribed to the Google Groups > "Jenkins Users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to jenkinsci-users+unsubscr...@googlegroups.com. > To view this discussion on the web visit > https://groups.google.com/d/msgid/jenkinsci-users/cfbfe51e-7d3d-415d-90b4-9f8df9457ffe%40googlegroups.com > <https://groups.google.com/d/msgid/jenkinsci-users/cfbfe51e-7d3d-415d-90b4-9f8df9457ffe%40googlegroups.com?utm_medium=email&utm_source=footer> > . > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "Jenkins Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/CAO49JtHXTWTo7tChJw7igu7BReHu8B0bvvaP8G_uwEDXLc47%3DA%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
