as for Travis-CI builds, there's such a possibility already

1) register at github.com
2) add your own repo to travis-ci.org
3) voila, you can attack Pentagon from travis-ci cloud

the way of "add some attacking code to openvpn codebase" seems to be much
more complicated

2016-06-07 13:20 GMT+05:00 Gert Doering <g...@greenie.muc.de>:

> Hi,
>
> On Tue, Jun 07, 2016 at 11:08:47AM +0300, Samuli Seppänen wrote:
> > > we can't open this to the world, as the t_client tests need sudo
> > > privileges, so anyone who can push a patch to a testing tree can run
> > > arbitrary commands on the buildslaves ("just build whatever you want
> > > into something called 'openvpn' and run that with sudo from t_client") -
> > > so, (semi-)trusted developers only.
> >
> > This is not entirely true, because the build steps are hardcoded.
>
> Trivial :-) - just add a patch that will
>
>   cp evilscript.sh src/openvpn/openvpn
>
> at the end of the build phase.
>
> Then, run "make check", and t_client.sh will happily execute
>
>   sudo src/openvpn/openvpn $options
>
> which now runs "evilscript.sh" with full root access...
>
>
> > However, I would definitely not open this to the world, because there is
> > plenty of room for misuse, and Buildbot might have security issues which
> > could be exploited.
>
> Indeed :-)
>
> [..]
> > It seems that a summary of how Vagrant operates is in order here.
> >
> > Vagrant uses pre-built images as a starting point. These images do not
> > (and should not) be built by OpenVPN developers. The only things _we_
> > have to maintain are the Vagrant files, which are basically recipes for
> > configuring the base boxes into OpenVPN test VMs.
> >
> > So, when a developer wants to run the integration tests this is what
> > happens:
> >
> > - Vagrant fetches the pre-built VM images from a remote source
> > - The image is launched into Virtualbox (or other virtualization system)
> > - Vagrant runs the initialization scripts in the Vagrantfile
> > - The system is ready to use and stored for future use
>
> So what VM images are available today, especially regarding *BSD, Solaris,
> MacOS?  Who would be maintaining them, like, adding OS updates, installing
> the tools needed to build OpenVPN (on a fresh Solaris system, you can't
> build *anything*, for example)...
>
> Firing up a Linux VM is totally trivial :-)
>
> [..]
> > Summary: very little maintenance is required for Vagrant. It is not like
> > buildbot, where we actually have to build the VMs from scratch.
>
> This sounds great but I have a hard time actually believing it...
>
> gert
> --
> USENET is *not* the non-clickable part of WWW!
>                                                            //
> www.muc.de/~gert/
> Gert Doering - Munich, Germany
> g...@greenie.muc.de
> fax: +49-89-35655025
> g...@net.informatik.tu-muenchen.de