found chmod 777 in runner, please fix!
When investigating a problem i found the following code in gitlab runner:
#!/bin/sh
set -x
for path in $@; do
chmod 777 "$path"
done
Just for the reference: there is no need to do a dangerous chmod 777 anywhere in the code or ever advice a user to do so. This leads subsequently to runner takeovers. I personally have to admit that I used chmod 777 missconfigurations on several penetration tests.
Please do a "grep -R 777" on your source code and see if this is messed up somewhere else.
Proposal
Edited by Fnordpol