payano / mMesh

Mesh implementation for embedded systems, focusing on a small footprint
MIT License

Add self-hosted runner to deploy new software on hardware #40

Open payano opened 4 years ago

payano commented 4 years ago

https://help.github.com/en/actions/hosting-your-own-runners/about-self-hosted-runners#self-hosted-runner-security-with-public-repositories

Under settings->actions->add-new-runner

payano commented 4 years ago

Self-hosted runner security with public repositories

We recommend that you do not use self-hosted runners with public repositories.

Forks of your public repository can potentially run dangerous code on your self-hosted runner machine by creating a pull request that executes the code in a workflow.

This is not an issue with GitHub-hosted runners because each GitHub-hosted runner is always a clean isolated virtual machine, and it is destroyed at the end of the job execution.

Untrusted workflows running on your self-hosted runner pose significant security risks for your machine and network environment, especially if your machine persists its environment between jobs. Some of the risks include:

Malicious programs running on the machine.
Escaping the machine's runner sandbox.
Exposing access to the machine's network environment.
Persisting unwanted or dangerous data on the machine.
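
One way to check a workflow file for the exposure quoted above, as an added example that is not part of this issue or of GitHub's documentation: it lists jobs that target a `self-hosted` runner in a workflow that pull requests can trigger. The function names and the sample workflow are hypothetical, and the line-based scan is a heuristic rather than a full YAML parser. Because a pull request can also edit workflow files, run it on the files as proposed in the pull request, not only on the default branch.

```python
import re

PR_EVENTS = {"pull_request", "pull_request_target"}

def _lines(workflow):
    """Yield (indent, text) for non-blank lines, comments stripped."""
    for raw in workflow.splitlines():
        text = raw.split("#", 1)[0].rstrip()
        if text:
            yield len(text) - len(text.lstrip()), text.strip()

def pr_triggers(workflow):
    """Pull-request events named in the top-level `on:` block."""
    found, in_on = set(), False
    for indent, text in _lines(workflow):
        if indent == 0:  # inline forms: `on: push`, `on: [push, pull_request]`
            m = re.match(r"""["']?on["']?\s*:(.*)""", text)
            in_on, words = bool(m), re.findall(r"[a-z_]+", m.group(1) if m else "")
        else:  # block form: event names are keys or list items under `on:`
            words = re.findall(r"^(?:-\s*)?([a-z_]+)", text) if in_on else []
        found |= PR_EVENTS.intersection(words)
    return found

def self_hosted_jobs(workflow):
    """Jobs whose runs-on has the literal `self-hosted` label (custom labels are missed)."""
    jobs, job, job_indent, in_jobs, in_list = [], None, None, False, False
    for indent, text in _lines(workflow):
        if indent == 0:
            in_jobs, job_indent = text.startswith("jobs:"), None
        if indent == 0 or not in_jobs:
            continue
        job_indent = indent if job_indent is None else job_indent
        m = re.match(r"runs-on\s*:(.*)", text)
        if indent == job_indent:  # job names sit at the first indent under `jobs:`
            job = text.rstrip(":")
        hit = m or (in_list and text.startswith("-"))  # runs-on line or its list items
        if hit and "self-hosted" in text and job not in jobs:
            jobs.append(job)
        in_list = bool(hit) and (not m or not m.group(1).strip())
    return jobs

def exposed_jobs(workflow):
    """Self-hosted jobs in a workflow that a pull request can trigger."""
    return self_hosted_jobs(workflow) if pr_triggers(workflow) else []

# Constructed sample, not taken from the mMesh repository.
SAMPLE = "on: [push, pull_request]\njobs:\n  flash:\n    runs-on: [self-hosted, linux]\n"
print(exposed_jobs(SAMPLE))
```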