Closed
Bug 1596044
Opened 5 years ago
Closed 5 years ago
generic-worker: secure files tasks-resolved-count.txt, file-caches.json, directory-caches.json
Categories
(Taskcluster :: Workers, enhancement)
Taskcluster
Workers
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: pmoore, Assigned: pmoore)
References
Details
Attachments
(1 file)
In bug 1595715 comment 10 we saw that perhaps an external process is interfering with state files used by generic-worker. In order to reduce the risk that either a task or an external process is able to interfere with the files that generic-worker uses for persisting state between reboots, we should secure these files such that they can only be modified by the OS user that runs the generic-worker process.
We already do this for the generic-worker config file, the chain of trust signing key, and the current-task-user.json
and next-task-user.json
files but we should also do this for the other generic-worker state files:
tasks-resolved-count.txt
The record of how many tasks this worker has resolvedfile-caches.json
The catalogue of all file caches on this workerdirectory-caches.json
The catalogue of all directory caches on this worker
Assignee | ||
Comment 1•5 years ago
|
||
Assignee: nobody → pmoore
Status: NEW → ASSIGNED
Assignee | ||
Comment 2•5 years ago
|
||
Released in generic-worker 16.5.6.
Status: ASSIGNED → RESOLVED
Closed: 5 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•