Closed Bug 1596044 Opened 5 years ago Closed 5 years ago

generic-worker: secure files tasks-resolved-count.txt, file-caches.json, directory-caches.json

Categories

(Taskcluster :: Workers, enhancement)

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: pmoore, Assigned: pmoore)

Attachments

(1 file)

In bug 1595715 comment 10 we saw that perhaps an external process is interfering with state files used by generic-worker. In order to reduce the risk that either a task or an external process is able to interfere with the files that generic-worker uses for persisting state between reboots, we should secure these files such that they can only be modified by the OS user that runs the generic-worker process.

We already do this for the generic-worker config file, the chain of trust signing key, and the current-task-user.json and next-task-user.json files, but we should also do this for the other generic-worker state files:

  • tasks-resolved-count.txt
    The record of how many tasks this worker has resolved
  • file-caches.json
    The catalogue of all file caches on this worker
  • directory-caches.json
    The catalogue of all directory caches on this worker

See Also: → 1595715
Assignee: nobody → pmoore
Status: NEW → ASSIGNED
See Also: → 1595642
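
One way to verify the property requested above, as an added example (not generic-worker's own code): a Go audit that reports any of the three state files that a user other than the worker's OS user could modify. It assumes a POSIX host where mode bits are the only access control (Windows ACLs are not covered); the function names and the parent-directory check are additions for illustration.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
	"syscall"
)

// stateFiles are the three file names listed in the bug.
var stateFiles = []string{"tasks-resolved-count.txt", "file-caches.json", "directory-caches.json"}

// auditStateFile returns the reasons why path could be modified by a user
// other than ownerUID; an empty result means only that user can modify it.
func auditStateFile(path string, ownerUID uint32) []string {
	fi, err := os.Lstat(path) // Lstat: do not follow a planted symlink
	if err != nil {
		return []string{"cannot stat: " + err.Error()}
	}
	if !fi.Mode().IsRegular() {
		return []string{"not a regular file: " + fi.Mode().String()}
	}
	var findings []string
	if st, ok := fi.Sys().(*syscall.Stat_t); ok && st.Uid != ownerUID {
		findings = append(findings, fmt.Sprintf("owned by uid %d, expected %d", st.Uid, ownerUID))
	}
	if fi.Mode().Perm()&0o022 != 0 {
		findings = append(findings, fmt.Sprintf("group/other writable (mode %04o)", fi.Mode().Perm()))
	}
	// A writable parent directory lets another user replace the file by rename.
	if di, err := os.Stat(filepath.Dir(path)); err == nil && di.Mode().Perm()&0o022 != 0 {
		findings = append(findings, fmt.Sprintf("parent directory group/other writable (mode %04o)", di.Mode().Perm()))
	}
	return findings
}

// auditWorkerDir checks each state file in dir; only files with findings are reported.
func auditWorkerDir(dir string, ownerUID uint32) map[string][]string {
	report := make(map[string][]string)
	for _, name := range stateFiles {
		if f := auditStateFile(filepath.Join(dir, name), ownerUID); len(f) > 0 {
			report[name] = f
		}
	}
	return report
}

func main() {
	fmt.Println(auditWorkerDir(".", uint32(os.Getuid())))
}
```
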

Released in generic-worker 16.5.6.

Status: ASSIGNED → RESOLVED
Closed: 5 years ago
Resolution: --- → FIXED