undefined | Better HN

0 pointsgarblegarble2y ago0 comments

>For an isolated build worker - yeah, sure, I'll go ahead and disable SIP.

Isn't this especially dangerous on a build worker? All your source code goes in and you (presumably) use the binaries that come out across the rest of your infrastructure. Compromising a build worker in a persistent fashion due to lack of SIP seems like it could do some serious[1] harm...

1: https://wiki.c2.com/?TheKenThompsonHack

0 comments

solatic2y ago

Depends on your threat modeling. Are you running untrusted code on the worker (maybe you have an org with thousands of engineers, maybe you're running builds from a public fork)? Sure, that's an issue. Are you a small startup? Take the convenience and focus on the bigger fish to fry.

j / k navigate · click thread line to collapse

0 pointsgarblegarble2y ago0 comments

>For an isolated build worker - yeah, sure, I'll go ahead and disable SIP.

1: https://wiki.c2.com/?TheKenThompsonHack

0 comments

solatic2y ago

j / k navigate · click thread line to collapse