[webkit-dev] Build Slave Shutdown

William Siegrist wsiegrist at apple.com
Fri Dec 17 13:30:35 PST 2010


On Dec 17, 2010, at 11:53 AM, Leandro Pereira wrote:

> On Thu, Dec 16, 2010 at 3:05 PM, William Siegrist <wsiegrist at apple.com> wrote:
>> Our buildbot allows for anonymous people to trigger things on the slaves,
>> and it is like this on purpose for ease of use. However, that means it is
>> possible for a malicious person to do things like shutdown all of the
>> slaves. That is what happened last night around 10:30pm PST, from
>> 66.57.13.12, and that is why the slaves are offline.
> 
> Something weird happened when the EFL slave was shut down.
> 
> It runs as an unprivileged user, but for some reason, the log file
> (twisted.log) and various other files inside the SVN checkout were
> owned by root. I initially thought the other admin restarted the
> buildslave service as root by mistake, but this isn't the case.
> 
> I've fixed the permissions and the buildslave is up and running again,
> but I'm still a bit worried about this. chkrootkit does not ring any
> bells, and disk corruption is unlikely as this is both pontual and the
> slave is an Amazon EC2 instance. Quick searches on Google didn't
> return anything useful, so I ask: have things like this happened
> before?
> 

No, it sounds like buildbot was run as root at some point. Maybe the owner(s) of the other slaves can chime in about this happening. 

-Bill




More information about the webkit-dev mailing list