Woodpecker security issues #98
Currently, the woodpecker-agent user has write access to my deployed websites, but this is a significant security issue. We could use environment variable secrets, but my PR only has very janky support for secrets. Should be possible to do this with SSH keys but I'll also try to think of a way to improve the security of our current method, since it's much simpler than using environment variables and SSH keys.
Alright so I was able to get SSH keys to work: https://ci.exozy.me/Ta180m/website/build/17
However, I think it just opens up more security issues, so I'm going to keep things as is for now.
We might also want to do some systemd security hardening for Woodpecker: https://www.freedesktop.org/software/systemd/man/systemd.exec.html
I disabled registration for Woodpecker since our setup with the bare-metal backend is inherently insecure.
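
A sketch of the systemd hardening suggested above, added here as an example and not taken from this thread or from the project's configuration. The unit name `woodpecker-agent.service`, the drop-in path, and the deploy directory `/srv/www/example-site` are assumptions; the directives are documented in systemd.exec(5).

```ini
# /etc/systemd/system/woodpecker-agent.service.d/hardening.conf  (assumed path)
# Goal: pipeline steps run by the agent on the bare-metal backend can write
# to the deployed site and their own state, and to nothing else on the host.
[Service]
User=woodpecker-agent
# Child processes (build steps) can never gain privileges via setuid/setgid binaries.
NoNewPrivileges=yes
RestrictSUIDSGID=yes
# Drop every capability; a web build and file copy need none.
CapabilityBoundingSet=
# Mount the entire file system hierarchy read-only for this service...
ProtectSystem=strict
# ...and re-open only the paths a build must write to.
# Placeholder deploy directory: replace with the real site root.
ReadWritePaths=/srv/www/example-site
# Creates /var/lib/woodpecker-agent, owned by the service user and writable.
StateDirectory=woodpecker-agent
# Private /tmp and /var/tmp, discarded when the service stops.
PrivateTmp=yes
# Other users' home directories are visible but not writable.
ProtectHome=read-only
# No access to physical devices, kernel tunables, modules or cgroups.
PrivateDevices=yes
ProtectKernelTunables=yes
ProtectKernelModules=yes
ProtectControlGroups=yes
LockPersonality=yes
# Builds still need network access to fetch dependencies; nothing more exotic.
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
```

After `systemctl daemon-reload` and a restart of the agent, `systemd-analyze security woodpecker-agent.service` reports which exposure remains. The agent still has write access to the deploy directory, so this limits the damage a malicious pipeline can do rather than removing the original concern.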