found chmod 777 in runner, please fix!
When investigating a problem i found the following code in gitlab runner:
#!/bin/sh set -x for path in $@; do chmod 777 "$path" done
Just for the reference: there is no need to do a dangerous chmod 777 anywhere in the code or ever advice a user to do so. This leads subsequently to runner takeovers. I personally have to admit that I used chmod 777 missconfigurations on several penetration tests.
Please do a "grep -R 777" on your source code and see if this is messed up somewhere else.