New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

what is the purpose of --no-command-eval? #913

Closed
nhooyr opened this Issue Feb 11, 2019 · 3 comments

Comments

2 participants
@nhooyr
Copy link

nhooyr commented Feb 11, 2019

Can't someone just evaluate things in a script? What value does this option add?

@toolmantim

This comment has been minimized.

Copy link
Member

toolmantim commented Feb 11, 2019

Commands are sourced from the BK instructions, whereas scripts are sourced from your repository. In the case of a malicious job instruction from Buildkite, the option provides a layer of defense. Does that make it clear?

@toolmantim toolmantim closed this Feb 11, 2019

@nhooyr

This comment has been minimized.

Copy link
Author

nhooyr commented Feb 17, 2019

Not clear to me. Could you provide an example of the protection it adds?

@toolmantim

This comment has been minimized.

Copy link
Member

toolmantim commented Feb 17, 2019

I’ll try to clarify! This option doesn’t provide any protection for people with repository access… like you said, they can just change the executable scripts.

This option is usually used alongside the other options and techniques (e.g. hooks that do whitelisting), when you’re trying to ensure that only things that have been sourced from your repositories are being executed (and not arbitrary commands defined only in Buildkite or by a malicious third party).

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment