Build under different user IDs?

Hi @all,

we have ~1000 software packages, with a big number from "untrusted" sources / developers.

We would like to protect against the following possibility: a developer could potentially introduce malicious commands in the build process (e.g. call an external command from CMakeLists.txt). This would then be executed under the privileges of TC (buildbot), which shouldn't be the case because perhaps buildbot might have some permissions which the developer doesn't have.


Is it possible with TC to run each software package's build under the UID of the maintainer? In this case, even if the build instructions contained malicious code, it could not do more than the user could do in a normal shell.


Thanks,
Marcus


Hi Marcus,

TeamCity does not have a dedicated feature to run a build under a different user. Please vote for the feature request: https://youtrack.jetbrains.com/issue/TW-3171.
However, you should be able to configure a command line script which would spawn a nested process under a different user. For more details please see the comment.

0
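One way to write the command line wrapper the answer suggests, as an added example that is not part of the thread and not TeamCity functionality. The map file, its `package:maintainer` format, the sudoers rule and all function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not TeamCity functionality: a wrapper a command-line build
# step could call to run one package's build as its maintainer.
# Assumed (hypothetical): MAP_FILE with "package:maintainer" lines, owned by
# root and not writable by developers, plus a sudoers rule letting the agent
# account run commands as those maintainers without a password.
MAP_FILE="${MAP_FILE:-/etc/build-maintainers.map}"

# Print the maintainer mapped to package $1; non-zero if there is no entry.
lookup_maintainer() {
    while IFS=: read -r _pkg _user; do
        if [ "$_pkg" = "$1" ]; then printf '%s\n' "$_user"; return 0; fi
    done < "$MAP_FILE"
    return 1
}

# Accept only an existing account that is neither root nor the agent itself.
validate_user() {
    case "$1" in
        ''|-*|*[!a-z0-9_-]*) return 1 ;;   # odd names never reach sudo
    esac
    _uid=$(id -u "$1" 2>/dev/null) || return 1
    [ "$_uid" -ne 0 ] && [ "$_uid" -ne "$(id -u)" ]
}

# Print the account the build of package $1 must run as, or fail closed:
# 2 = package not in the map, 3 = mapped account rejected.
resolve_build_user() {
    _target=$(lookup_maintainer "$1") || return 2
    validate_user "$_target" || return 3
    printf '%s\n' "$_target"
}

# run_build PACKAGE COMMAND [ARGS...]: run the command as the maintainer with
# a cleared environment, so agent tokens and variables are not inherited.
run_build() {
    _run_as=$(resolve_build_user "$1") || {
        echo "refusing to build '$1': no usable maintainer account" >&2
        return 1
    }
    shift
    sudo -n -H -u "$_run_as" -- env -i PATH=/usr/bin:/bin "$@"
}

if [ "$#" -gt 0 ]; then run_build "$@"; fi
```

The checkout directory has to be readable and writable by the maintainer account, otherwise the nested build cannot run.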
