github-actions[bot]
commented
5 months ago This issue is stale because it has been open 365 days with no activity. Remove stale label or comment or this will be closed in 15 days.
Open arcivanov opened 1 year ago
github-actions[bot]
commented
5 months ago This issue is stale because it has been open 365 days with no activity. Remove stale label or comment or this will be closed in 15 days.
arcivanov
commented
5 months ago bump
arcivanov
commented
5 months ago /remove stale
Describe the bug
This is a security bug
GHAR currently requires a repository- or organization-wide token to be able to remove itself via
./config.sh remove. It does, however, present a security issue where GHAR cannot self-remove in an unattended manner without hosting a token on the runner. The runner itself is naturally insecure and thus a potentially malicious code could obtain an organization-wide token that is able to remove any runner in the repository or organization.Expected behavior
./config.shregistration that does require a registration token the./config.shshould be able to automatically obtain and persist (in a manner similar to/home/runner/.credentialsand other security material) a single-use token scoped to the registered runner only../config.sh removeis then called without the--tokenargument, the single-use token obtained in [1] should be used to unregister self.Runner Version and Platform
Version of your runner? 2.304.0
OS of the machine running the runner? OSX/Windows/Linux/... Linux
What's not working?
N/A
Job Log Output
N/A
Runner and Worker's Diagnostic Logs
N/A