Ability for users to install runners should be secure and controllable
Description
Presently, any authenticated user on my system can create a project and attach a runner to it. This runner can be on systems over which they have control. This runner can be used by other members of the project who have Master or higher permissions for their other projects. The runners are given names at creation but can be fairly generic and not reflect their ownership or purpose -- in fact I can't find the hostname of admin-added or user-added runners. A malicious owner could, in principle, harvest data from other users simply by adding other members to their project with higher permissions and waiting for them to use their runner.
I can see why some of this behavior might be desirable on a large-scale free-as-in-beer system like gitlab.com. None of it is desirable for my intentionally-closed ecosystem.
Proposal
- Allow the administrator to disable users from adding their own runners. I do not want users adding their own runners under any circumstances, much less ones that are able to be used by other users on their other projects.
- I cannot find a means by which to identify the hostname on which the runner lives. This allows malicious users to give runners names that sound nice and friendly without other means of identifying them.
- Close this loophole entirely, if you consider it to be one.