Security considerations¶
This is a very early version and there are things that are not secure:
- Anyone can restart and stop a job by going to the main page on IBART as long as they have authenticated themselves using Google. Anyone with a Google account can login and trigger rebuilds, cancel jobs etc. People abusing this will be banned.
- It runs Flask
debug
mode by default (consider using nginx for example instead of the Flask web server). - Whatever is in the job definition file will be executed and it will do this with the same permissions as the server itself. So if one type
cmd: rm -rf $HOME
in the job definition file, then all files in the servers’ $HOME folder will be deleted. So be very careful with what you or someone else puts into job definition file.