Forum Discussion

dparis's avatar
dparis
Copper Contributor
Aug 10, 2020

Security on Azure Devops Self Hosted agent

Hello,

 

Today I have discovered that is possible from the pipeline to deploy software directly on the agents without any kind of authentication, in my case I was able to deploy docker directly on a self-hosted agent by just using a bash script on the pipeline.

 

Is it possible to deny this kind of deployments on a self-hosted agent from the pipeline without impacting any other deployments, pipelines, or releases?

 

From the security perspective, it poses a risk, someone that has access to the pipelines deploy un-wanted software on an agent.

 

 

  • You are essentially running the agent using a specific account (the one you used to install the agent). You will have to limit the permission of that account to disallow software installation.

     

    Felix.

  • You are essentially running the agent using a specific account (the one you used to install the agent). You will have to limit the permission of that account to disallow software installation.

     

    Felix.

Resources