[webkit-dev] Build Slave Shutdown
wsiegrist at apple.com
Fri Dec 17 13:30:35 PST 2010
On Dec 17, 2010, at 11:53 AM, Leandro Pereira wrote:
> On Thu, Dec 16, 2010 at 3:05 PM, William Siegrist <wsiegrist at apple.com> wrote:
>> Our buildbot allows for anonymous people to trigger things on the slaves,
>> and it is like this on purpose for ease of use. However, that means it is
>> possible for a malicious person to do things like shutdown all of the
>> slaves. That is what happened last night around 10:30pm PST, from
>> 18.104.22.168, and that is why the slaves are offline.
> Something weird happened when the EFL slave was shut down.
> It runs as an unprivileged user, but for some reason, the log file
> (twisted.log) and various other files inside the SVN checkout were
> owned by root. I initially thought the other admin restarted the
> buildslave service as root by mistake, but this isn't the case.
> I've fixed the permissions and the buildslave is up and running again,
> but I'm still a bit worried about this. chkrootkit does not ring any
> bells, and disk corruption is unlikely as this is both pontual and the
> slave is an Amazon EC2 instance. Quick searches on Google didn't
> return anything useful, so I ask: have things like this happened
No, it sounds like buildbot was run as root at some point. Maybe the owner(s) of the other slaves can chime in about this happening.
More information about the webkit-dev