[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#46641: process-tests assume network connection
|
From: |
Philipp |
|
Subject: |
bug#46641: process-tests assume network connection |
|
Date: |
Sun, 21 Feb 2021 20:40:59 +0100 |
> Am 21.02.2021 um 17:21 schrieb Robert Pluim <rpluim@gmail.com>:
>
>>>>>> On Sun, 21 Feb 2021 15:37:27 +0100, Philipp <p.stephani2@gmail.com> said:
>
> Philipp> This is pretty common for CI systems. Accessing the network is a
> Philipp> security risk, and in addition tends to make tests unreproducible.
>
> I can give you the second one, but in what way is eg doing a DNS lookup a
> 'security risk'? Weʼre not talking about setting up a listening server
> on a public IP here.
A CI system will typically run arbitrary code that’s not under the control of
the CI system itself. Therefore, the CI system needs to prevent any malicious
behavior of the system under test. Since the code being tested is opaque, the
CI system can’t really decide whether it’s malicious or not, so it has to
conservatively assume that any network access is malicious. While it might be
possible to prevent more specific behavior (like creating a listening socket),
that tends to be more complex, so the simpler and safer „no network at all“
tends to be a reasonable choice.
- bug#46641: process-tests assume network connection, Glenn Morris, 2021/02/19
- bug#46641: process-tests assume network connection, Robert Pluim, 2021/02/21
- bug#46641: process-tests assume network connection, Lars Ingebrigtsen, 2021/02/21
- bug#46641: process-tests assume network connection, Philipp, 2021/02/21
- bug#46641: process-tests assume network connection, Robert Pluim, 2021/02/21
- bug#46641: process-tests assume network connection, Robert Pluim, 2021/02/21
- bug#46641: process-tests assume network connection, Lars Ingebrigtsen, 2021/02/21
- bug#46641: process-tests assume network connection, Robert Pluim, 2021/02/22
bug#46641: process-tests assume network connection, Philipp, 2021/02/21