-
Notifications
You must be signed in to change notification settings - Fork 133
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Node.js Maintainers Threat Model: Access per Group table #1618
Comments
ping @nodejs/build @nodejs/releasers for visibility |
What is the difference between infra/admin in "Build - Test/Infra/Admin"? |
Perhaps "Admin" is supposed to encompass the two Jenkins admins groups (one for the test CI and one for the release CI)? But in that case it would only apply to the CI servers (and not the test/release machines themselves or any other resource on the list). |
"Website Infra" needs to be clarified, or probably split. The Build WG in general doesn't have access to the Vercel set up. |
Re. |
Yes, that's my understanding. cc: @UlisesGascon
Right, when we were discussing it we weren't aware of the roles and resources for nodejs.org, so we put Website Infra. Maybe @nodejs/web-infra can help us splitting it.
Would make sense to add an additional row for Embargo CI? |
We actually have
I can't quite remember but I think as a simplification we grouped all of the non-infra admins together. It might make more sense to have test admins (test, github bot admins, test jenkins admins) which I would shorten to test/release/infra @richardlau what do you think? |
If it makes it easier to summarise, sure. But e.g. test, github bot admins, test jenkins admins are three separate groups and being in one of those groups does not imply being in one of the others. test/release/infra definitely makes more sense than test/infra/admin. |
@richardlau understood about them being different groups, in a number of cases we've combined to make the table/assessment feasible. That means that we may estimate the risk. If that leads to risks that are highlighted as the top risk being not quite right we might adjust but if the results are risks that even with the overestimate are acceptable the simplication is worth it and we'll leave as is. |
Access for Website Teams
1 The release worker isn't deployed yet (nodejs/build#3461) Blank for ones already included in the table above. Omitted archived repositories (nodejs/nodejs.org-archive, nodejs/node.js.org, nodejs/nodejs.dev) ThreatsCan't get the table to format but,
1 When the release worker gets deployed @ovflowd can you comment on access to Vercel? |
Closing it in favour of nodejs/security-wg#1414. Feel free to review and suggest changes. @flakey5 we'll include this table in a separate document as the threat might be slightly different. |
Hi folks, as part of Node.js Security initiative we have created a table of access per group based on available roles under Node.js org. We'd like to get some feedback/review. Feel free to edit the table if you think something is wrong (I can read the history and update our hackmd table).
The idea is to have a table of permissions and then look at the threats each role has and its impact on the nodejs organization.
Access per Group
Levels: (
-
) none, (r
) read, (w
) write, (a
) admin/owner (inspiration from https://mason.gmu.edu/~montecin/UNIXpermiss.htm)Additional notes:
secrets
, they might have different access level internally based on sub-groups.Note
¹ - All repositories with code that get published or has some impact on nodejs/core
² - Releasers has access to run CI during CI Embargo (Security Release)
Repos under nodejs which do not include code, are not covered as they cannot lead to the threats listed.
pkgjs.org is excluded as it does not include code/repos that make it into Node.js binaries
The text was updated successfully, but these errors were encountered: