Gitea action runner has a bunch of different ways to setup and doing the isolation properly looks tricky. The documentation doesn't provide any isolation tests to administrators, either.
replyThe biggest mitigation is that gitea documentation discourages you from using action runners from untrusted users. Not flawless security, but it's something...
> The biggest mitigation is that gitea documentation discourages you from using action runners from untrusted users.
replyThis recommendation seems incompatible with third-party collaboration, at least on its face!
Potentially, but for many projects things like that are tools that you want to control access to anyway. Anyone wanting to update the CI/CD process who isn't a trusted part of the project should be having their changes properly reviewed by someone who is anyway, at which point the reviewer is the trusted user not the random external entity.
replyI don’t disagree with that, but I think GitHub has shown that projects want to have their cake and eat it too. GitHub has also shown that it’s incredibly easy to design an insecure CI/CD that satisfies that goal, but I see that more as a symptom of them being first-to-market rather than an inherent quality of the problem.
reply