Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-47593

can not to be online without permission

    Details

    • Type: Bug
    • Status: Resolved (View Workflow)
    • Priority: Critical
    • Resolution: Fixed
    • Component/s: ec2-plugin
    • Labels:
      None
    • Similar Issues:

      Description

      After upgrade to 2.86 plugin need extra permission for dynamic script  to make slave online via ssh connection. 

      I can not use "In-process Script Approval" because this script look like 
      'ssh user@123.212.12.232 ....' and it is dynamic! 

        Attachments

          Issue Links

            Activity

            Hide
            danielbeck Daniel Beck added a comment -

            Chris Kulinski This should not be happening; Jenkins should identify an upgrade and install newly detached plugins. Please file a new issue and file as many details as possible; ideally steps to reproduce and logs of the first Jenkins startup after update. Ping me in the description or a comment.

            Show
            danielbeck Daniel Beck added a comment - Chris Kulinski This should not be happening; Jenkins should identify an upgrade and install newly detached plugins. Please file a new issue and file as many details as possible; ideally steps to reproduce and logs of the first Jenkins startup after update. Ping me in the description or a comment.
            Hide
            jglick Jesse Glick added a comment -

            To be clear, the “this” that should not be happening is the NoClassDefFoundError or whatever it is. The need to manually approve a command-line launch string is an acknowledged issue.

            Show
            jglick Jesse Glick added a comment - To be clear, the “this” that should not be happening is the NoClassDefFoundError or whatever it is. The need to manually approve a command-line launch string is an acknowledged issue.
            Hide
            scm_issue_link SCM/JIRA link daemon added a comment -

            Code changed in jenkins
            User: Wadeck Follonier
            Path:
            src/main/java/hudson/plugins/ec2/ssh/EC2UnixLauncher.java
            http://jenkins-ci.org/commit/ec2-plugin/ae2bf458ecad2a84d0d9a5f899977f4a6da82af6
            Log:
            JENKINS-47593[SECURITY-643] Allow command to be run without approval

            • use the second constructor of CommandLauncher to avoid being blocked by the security fix
            Show
            scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: Wadeck Follonier Path: src/main/java/hudson/plugins/ec2/ssh/EC2UnixLauncher.java http://jenkins-ci.org/commit/ec2-plugin/ae2bf458ecad2a84d0d9a5f899977f4a6da82af6 Log: JENKINS-47593 [SECURITY-643] Allow command to be run without approval use the second constructor of CommandLauncher to avoid being blocked by the security fix
            Show
            danielbeck Daniel Beck added a comment - This was fixed as part of the 1.38 security update for the EC2 plugin.
            Hide
            scm_issue_link SCM/JIRA link daemon added a comment -

            Code changed in jenkins
            User: Francis Upton IV
            Path:
            pom.xml
            src/main/java/hudson/plugins/ec2/AmazonEC2Cloud.java
            src/main/java/hudson/plugins/ec2/SlaveTemplate.java
            src/main/java/hudson/plugins/ec2/UnixData.java
            src/main/java/hudson/plugins/ec2/ssh/EC2UnixLauncher.java
            src/main/resources/hudson/plugins/ec2/Messages.properties
            http://jenkins-ci.org/commit/ec2-plugin/180f7d0eae6031d67259a5d86d9d7d382f9eb05b
            Log:
            Jenkins 47593 avoid script block (#253)

            • JENKINS-47593[SECURITY-643] Allow command to be run without approval
            • use the second constructor of CommandLauncher to avoid being blocked by the security fix
            • - adding permission check on unsafe parameter modification
            • adding warning message in case someone is modifying the unsafe parameters
            • - also put the right check on the readResolve
            • regroup the permission error message
            • - change name of the required permission
            • [SECURITY-643] Fix exception during start of cloud config
            • [maven-release-plugin] prepare release ec2-1.38
            • [maven-release-plugin] prepare for next development iteration
            Show
            scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: Francis Upton IV Path: pom.xml src/main/java/hudson/plugins/ec2/AmazonEC2Cloud.java src/main/java/hudson/plugins/ec2/SlaveTemplate.java src/main/java/hudson/plugins/ec2/UnixData.java src/main/java/hudson/plugins/ec2/ssh/EC2UnixLauncher.java src/main/resources/hudson/plugins/ec2/Messages.properties http://jenkins-ci.org/commit/ec2-plugin/180f7d0eae6031d67259a5d86d9d7d382f9eb05b Log: Jenkins 47593 avoid script block (#253) JENKINS-47593 [SECURITY-643] Allow command to be run without approval use the second constructor of CommandLauncher to avoid being blocked by the security fix - adding permission check on unsafe parameter modification adding warning message in case someone is modifying the unsafe parameters - also put the right check on the readResolve regroup the permission error message - change name of the required permission [SECURITY-643] Fix exception during start of cloud config [maven-release-plugin] prepare release ec2-1.38 [maven-release-plugin] prepare for next development iteration

              People

              • Assignee:
                wfollonier Wadeck Follonier
                Reporter:
                pperzyna Piotr Perzyna
              • Votes:
                5 Vote for this issue
                Watchers:
                10 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: