Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-42393

Temporary files should not be created in the bundles root directory under JENKINS_HOME

    XMLWordPrintable

    Details

    • Similar Issues:

      Description

      This plugin includes an automatic bundle generation on the Jenkins instance FS every hour.

      com.cloudbees.jenkins.support.configfiles.SecretHandler#findSecrets generates temporary files in SupportPlugin.getRootDirectory():

      File patchedFile = File.createTempFile("patched", ".xml", SupportPlugin.getRootDirectory());
      

      If JENKINS_HOME is using a network shared FS (NFS, EBS, GlusterFS, whatever), the creation of those temporary files gets unnecessarily synced over the network.
      And if something on "the other side" starts reading this file (imagine a backup service, or whatever), then for instance this will end up creating dozens of .nfs132435434543 files for deleted files on one node (but being read somewhere else).

      We should find a way to put those files elsewhere than under JENKINS_HOME, maybe under java.io.tmpdir but this had been judged problematic for security reasons (as those Components are processing config.xml and the likes that may contain secrets)

        Attachments

          Issue Links

            Activity

            batmat Baptiste Mathus created issue -
            batmat Baptiste Mathus made changes -
            Field Original Value New Value
            Assignee Steven Christou [ schristou ] Baptiste Mathus [ batmat ]
            batmat Baptiste Mathus made changes -
            Description This plugin includes an automatic bundle generation on the [Jenkins instance FS every hour|https://github.com/jenkinsci/support-core-plugin/blob/982cd2133ff125a2cdb886219a9548d076c152b1/src/main/java/com/cloudbees/jenkins/support/SupportPlugin.java#L721-L771].

            If JENKINS_HOME is using a network shared FS (NFS, EBS, GlusterFS, whatever), the creation of those temporary files gets unnecessarily synced over the network.
            And if something on "the other side" starts reading this file (imagine a backup service, or whatever), then for instance this will end up creating dozens of .nfs132435434543 files for deleted files on one node (but being read somewhere else).

            We should use the temporary directory of the system, not the SupportPlugin root directory to process temporary files.

            If for security reasons someone wants to isolate the files generated by the Jenkins instance, then they want to override {{-Djava.io.tmpdir}} to secure the instance globally.
            This plugin includes an automatic bundle generation on the [Jenkins instance FS every hour|https://github.com/jenkinsci/support-core-plugin/blob/982cd2133ff125a2cdb886219a9548d076c152b1/src/main/java/com/cloudbees/jenkins/support/SupportPlugin.java#L721-L771].

            com.cloudbees.jenkins.support.configfiles.SecretHandler#findSecrets [generates temporary files in SupportPlugin.getRootDirectory()|https://github.com/jenkinsci/support-core-plugin/blob/168f946639edf016f20d26d075153f38461639ee/src/main/java/com/cloudbees/jenkins/support/configfiles/SecretHandler.java#L81-L81]:

            {code:java}
            File patchedFile = File.createTempFile("patched", ".xml", SupportPlugin.getRootDirectory());
            {code}

            If JENKINS_HOME is using a network shared FS (NFS, EBS, GlusterFS, whatever), the creation of those temporary files gets unnecessarily synced over the network.
            And if something on "the other side" starts reading this file (imagine a backup service, or whatever), then for instance this will end up creating dozens of .nfs132435434543 files for deleted files on one node (but being read somewhere else).

            We should use the temporary directory of the system, not the SupportPlugin root directory to process temporary files.

            If for security reasons someone wants to isolate the files generated by the Jenkins instance, then they want to override {{-Djava.io.tmpdir}} to secure the instance globally.
            batmat Baptiste Mathus made changes -
            Remote Link Cette demande est liée à "PR-106 (Lien Web)" [ 15511 ]
            batmat Baptiste Mathus made changes -
            Status Open [ 1 ] In Progress [ 3 ]
            batmat Baptiste Mathus made changes -
            Status In Progress [ 3 ] In Review [ 10005 ]
            batmat Baptiste Mathus made changes -
            Description This plugin includes an automatic bundle generation on the [Jenkins instance FS every hour|https://github.com/jenkinsci/support-core-plugin/blob/982cd2133ff125a2cdb886219a9548d076c152b1/src/main/java/com/cloudbees/jenkins/support/SupportPlugin.java#L721-L771].

            com.cloudbees.jenkins.support.configfiles.SecretHandler#findSecrets [generates temporary files in SupportPlugin.getRootDirectory()|https://github.com/jenkinsci/support-core-plugin/blob/168f946639edf016f20d26d075153f38461639ee/src/main/java/com/cloudbees/jenkins/support/configfiles/SecretHandler.java#L81-L81]:

            {code:java}
            File patchedFile = File.createTempFile("patched", ".xml", SupportPlugin.getRootDirectory());
            {code}

            If JENKINS_HOME is using a network shared FS (NFS, EBS, GlusterFS, whatever), the creation of those temporary files gets unnecessarily synced over the network.
            And if something on "the other side" starts reading this file (imagine a backup service, or whatever), then for instance this will end up creating dozens of .nfs132435434543 files for deleted files on one node (but being read somewhere else).

            We should use the temporary directory of the system, not the SupportPlugin root directory to process temporary files.

            If for security reasons someone wants to isolate the files generated by the Jenkins instance, then they want to override {{-Djava.io.tmpdir}} to secure the instance globally.
            This plugin includes an automatic bundle generation on the [Jenkins instance FS every hour|https://github.com/jenkinsci/support-core-plugin/blob/982cd2133ff125a2cdb886219a9548d076c152b1/src/main/java/com/cloudbees/jenkins/support/SupportPlugin.java#L721-L771].

            com.cloudbees.jenkins.support.configfiles.SecretHandler#findSecrets [generates temporary files in SupportPlugin.getRootDirectory()|https://github.com/jenkinsci/support-core-plugin/blob/168f946639edf016f20d26d075153f38461639ee/src/main/java/com/cloudbees/jenkins/support/configfiles/SecretHandler.java#L81-L81]:

            {code:java}
            File patchedFile = File.createTempFile("patched", ".xml", SupportPlugin.getRootDirectory());
            {code}

            If JENKINS_HOME is using a network shared FS (NFS, EBS, GlusterFS, whatever), the creation of those temporary files gets unnecessarily synced over the network.
            And if something on "the other side" starts reading this file (imagine a backup service, or whatever), then for instance this will end up creating dozens of .nfs132435434543 files for deleted files on one node (but being read somewhere else).

            We should use the temporary directory of the system, not the SupportPlugin root directory to process temporary files.

            If for security reasons someone wants to isolate the files generated by the Jenkins instance, then they simply want to override {{-Djava.io.tmpdir}} to secure the instance globally.
            batmat Baptiste Mathus made changes -
            Summary Temporary files should be using java.io.tmpDir, not the support bundles root directory on JENKINS_HOME Temporary files should not be created in the bundles root directory under JENKINS_HOME
            batmat Baptiste Mathus made changes -
            Description This plugin includes an automatic bundle generation on the [Jenkins instance FS every hour|https://github.com/jenkinsci/support-core-plugin/blob/982cd2133ff125a2cdb886219a9548d076c152b1/src/main/java/com/cloudbees/jenkins/support/SupportPlugin.java#L721-L771].

            com.cloudbees.jenkins.support.configfiles.SecretHandler#findSecrets [generates temporary files in SupportPlugin.getRootDirectory()|https://github.com/jenkinsci/support-core-plugin/blob/168f946639edf016f20d26d075153f38461639ee/src/main/java/com/cloudbees/jenkins/support/configfiles/SecretHandler.java#L81-L81]:

            {code:java}
            File patchedFile = File.createTempFile("patched", ".xml", SupportPlugin.getRootDirectory());
            {code}

            If JENKINS_HOME is using a network shared FS (NFS, EBS, GlusterFS, whatever), the creation of those temporary files gets unnecessarily synced over the network.
            And if something on "the other side" starts reading this file (imagine a backup service, or whatever), then for instance this will end up creating dozens of .nfs132435434543 files for deleted files on one node (but being read somewhere else).

            We should use the temporary directory of the system, not the SupportPlugin root directory to process temporary files.

            If for security reasons someone wants to isolate the files generated by the Jenkins instance, then they simply want to override {{-Djava.io.tmpdir}} to secure the instance globally.
            This plugin includes an automatic bundle generation on the [Jenkins instance FS every hour|https://github.com/jenkinsci/support-core-plugin/blob/982cd2133ff125a2cdb886219a9548d076c152b1/src/main/java/com/cloudbees/jenkins/support/SupportPlugin.java#L721-L771].

            com.cloudbees.jenkins.support.configfiles.SecretHandler#findSecrets [generates temporary files in SupportPlugin.getRootDirectory()|https://github.com/jenkinsci/support-core-plugin/blob/168f946639edf016f20d26d075153f38461639ee/src/main/java/com/cloudbees/jenkins/support/configfiles/SecretHandler.java#L81-L81]:

            {code:java}
            File patchedFile = File.createTempFile("patched", ".xml", SupportPlugin.getRootDirectory());
            {code}

            If JENKINS_HOME is using a network shared FS (NFS, EBS, GlusterFS, whatever), the creation of those temporary files gets unnecessarily synced over the network.
            And if something on "the other side" starts reading this file (imagine a backup service, or whatever), then for instance this will end up creating dozens of .nfs132435434543 files for deleted files on one node (but being read somewhere else).

            We should find a way to put those files elsewhere than under JENKINS_HOME, maybe under java.io.tmpdir but this had been judged problematic for security reasons (as those Components are processing config.xml and the likes that may contain secrets)
            batmat Baptiste Mathus made changes -
            Status In Review [ 10005 ] Resolved [ 5 ]
            Resolution Fixed [ 1 ]
            cloudbees CloudBees Inc. made changes -
            Remote Link This issue links to "CloudBees Internal CJP-6288 (Web Link)" [ 19170 ]

              People

              • Assignee:
                batmat Baptiste Mathus
                Reporter:
                batmat Baptiste Mathus
              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: