JENKINS-22769

ListView's ItemListener runs with user privileges, might miss affected views

          Activity

          jglick Jesse Glick added a comment -

          If backporting you would need to include the fix of JENKINS-25400 as well, which is not “soaked” yet.

          oleg_nenashev Oleg Nenashev added a comment -

          Backporting w/o a fix for JENKINS-25400 would be a really bad idea.
          We don't know the real impact of the issue.

          scm_issue_link SCM/JIRA link daemon added a comment -

          Code changed in jenkins
          User: Jesse Glick
          Path:
          core/src/main/java/hudson/model/listeners/ItemListener.java
          test/src/test/java/hudson/model/ListViewTest.java
          http://jenkins-ci.org/commit/jenkins/0efd811adb89769c8a6180e33e3d06d755bca4b5
          Log:
          [FIXED JENKINS-22769] ItemListener callbacks should run as SYSTEM since they sometimes do ACL-checked calls.
          (cherry picked from commit c04cdcd9f717ddcd3e8c9dbe86cb353c14ae511e)

          Conflicts:
          changelog.html

          scm_issue_link SCM/JIRA link daemon added a comment -

          Code changed in jenkins
          User: Jesse Glick
          Path:
          core/src/main/java/hudson/model/Fingerprint.java
          core/src/main/java/hudson/model/ListView.java
          core/src/main/java/hudson/model/listeners/ItemListener.java
          core/src/main/java/hudson/tasks/BuildTrigger.java
          http://jenkins-ci.org/commit/jenkins/8478e24609d407268bd579609bf0ce3ad395a046
          Log:
          [FIXED JENKINS-25400] Rework fix of JENKINS-22769 (c04cdcd) to put the burden on each listener to impersonate ACL.SYSTEM if it needs to.
          (cherry picked from commit a6a3d5e1660735edc18d331500f7ce9850fbc724)

          Conflicts:
          changelog.html

          Compare: https://github.com/jenkinsci/jenkins/compare/be835bfcfb17...8478e24609d4

          dogfood dogfood added a comment -

          Integrated in jenkins_main_trunk #4292
          [FIXED JENKINS-22769] ItemListener callbacks should run as SYSTEM since they sometimes do ACL-checked calls. (Revision 0efd811adb89769c8a6180e33e3d06d755bca4b5)
          [FIXED JENKINS-25400] Rework fix of JENKINS-22769 (c04cdcd) to put the burden on each listener to impersonate ACL.SYSTEM if it needs to. (Revision 8478e24609d407268bd579609bf0ce3ad395a046)

          Result = UNSTABLE
          ogondza : 0efd811adb89769c8a6180e33e3d06d755bca4b5
          Files :

          • core/src/main/java/hudson/model/listeners/ItemListener.java
          • test/src/test/java/hudson/model/ListViewTest.java

          ogondza : 8478e24609d407268bd579609bf0ce3ad395a046
          Files :

          • core/src/main/java/hudson/tasks/BuildTrigger.java
          • core/src/main/java/hudson/model/ListView.java
          • core/src/main/java/hudson/model/Fingerprint.java
          • core/src/main/java/hudson/model/listeners/ItemListener.java

            People

            • Assignee: Jesse Glick (jglick)
            • Reporter: Daniel Beck (danielbeck)