Fix for world-writable files in go-agent and go-server packages. #6815

@vrushaliwaykole
Contributor

commented Aug 23, 2019

Issue:

The latest editions (>= 19.6.0) of the go-agent and go-server packages contain world-writable files (JRE files which are bundled with GoCD for Linux installers). This creates a potential security issue anywhere that GoCD is installed.

Solution:
Removed write access of JRE files for user group others.

Examples:

  1. If the existing mode is 0777, the mode will be changed to 0775.
  2. If the existing mode is 0477, the mode will be changed to 0475.

@vrushaliwaykole vrushaliwaykole requested a review from ketan Aug 23, 2019

@maheshp maheshp added this to the Release 19.8.0 milestone Aug 23, 2019

@maheshp maheshp added this to In progress in 19.8.0 Aug 23, 2019

Fix for world-writable files in go-agent and go-server packages.
As part of the fix, removed write permission for user group `others`.

@viraj2712 viraj2712 force-pushed the vrushaliwaykole:world-writable-files-in-installers-fix branch from fb83d50 to c394fa5 Aug 26, 2019

@vrushaliwaykole vrushaliwaykole merged commit 42302e7 into gocd:master Aug 26, 2019

3 checks passed

Mergeable Result: success
WIP Ready for review
license/cla Contributor License Agreement is signed.

@maheshp maheshp moved this from In progress to Done in 19.8.0 Aug 28, 2019

@rajiesh rajiesh moved this from Done to QA Done in 19.8.0 Sep 5, 2019

@vrushaliwaykole vrushaliwaykole deleted the vrushaliwaykole:world-writable-files-in-installers-fix branch Sep 6, 2019
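
The mode change described in the pull request above (clear only the write bit for `others`, so 0777 becomes 0775 and 0477 becomes 0475), as an added example that is not GoCD's packaging code: an audit-and-repair pass over an unpacked directory tree. The function names and the file names in the demo tree are constructed for illustration.

```python
import os
import stat
import tempfile


def strip_other_write(mode: int) -> int:
    """Clear only the 'others' write bit; every other permission bit is kept."""
    return mode & ~stat.S_IWOTH


def find_world_writable(root: str) -> list:
    """Return regular files under root whose mode has the others-write bit set."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)  # lstat: a symlink is never treated as its target
            if stat.S_ISREG(st.st_mode) and st.st_mode & stat.S_IWOTH:
                hits.append(path)
    return sorted(hits)


def fix_world_writable(root: str) -> dict:
    """Apply the equivalent of chmod o-w to each hit; returns {path: (old, new)}."""
    changed = {}
    for path in find_world_writable(root):
        old = stat.S_IMODE(os.lstat(path).st_mode)
        new = strip_other_write(old)
        os.chmod(path, new)
        changed[path] = (old, new)
    return changed


def demo() -> dict:
    """Build a constructed tree (placeholder file names), repair it, re-audit."""
    samples = [("jre/bin/java", 0o777), ("jre/release", 0o477), ("jre/ok.txt", 0o644)]
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "jre", "bin"))
        for rel, mode in samples:
            path = os.path.join(root, rel)
            with open(path, "w") as fh:
                fh.write("constructed sample\n")
            os.chmod(path, mode)  # chmod is not affected by the process umask
        changed = fix_world_writable(root)
        assert find_world_writable(root) == []  # nothing world-writable remains
        return {os.path.relpath(p, root): m for p, m in changed.items()}


if __name__ == "__main__":
    for rel, (old, new) in demo().items():
        print(f"{rel}: {old:04o} -> {new:04o}")
```

Running `find_world_writable` against an installed package directory before and after an upgrade shows whether the shipped files still carry the others-write bit.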
