Clarify that jobs in a workflow can compromise each other only on self-hosted runners

[neongreen]

Code of Conduct

• I have read and agree to the GitHub Docs project's Code of Conduct

What article on docs.github.com is affected?

https://docs.github.com/en/actions/security-for-github-actions/security-guides/security-hardening-for-github-actions#reusing-third-party-workflows

What part(s) of the article would you like to see updated?

The individual jobs in a workflow can interact with (and compromise) other jobs. For example, a job querying the environment variables used by a later job, writing files to a shared directory that a later job processes, or even more directly by interacting with the Docker socket and inspecting other running containers and executing commands in them.

My understanding is that this only applies to jobs running on self-hosted runners.

As per https://docs.github.com/en/actions/using-github-hosted-runners/using-github-hosted-runners/about-github-hosted-runners, GHA-hosted runners use a fresh VM for each job. So "shared directory" and "Docker socket" are not a thing for GHA-hosted runners.

Additional information

No response

[welcome]

Thanks for opening this issue. A GitHub docs team member should be by to give feedback soon. In the meantime, please check out the contributing guidelines.

[nguyenalex836]

@neongreen Thank you for raising this issue! I'll get this triaged for review ✨ Our team will provide feedback regarding the best next steps for this issue - thanks for your patience! 💛

[github-actions]

Thanks for opening an issue! We've triaged this issue for technical review by a subject matter expert 👀

[nguyenalex836]

@neongreen Thank you for your patience while our SME team reviewed! ✨ Our SMEs responded with the following:

The customer is correct that self hosted runners can be compromised unless they design systems like we do for hosted that guarantee a completely isolated environment

We may want to be more clear on

The individual jobs in a workflow can interact with (and compromise) other jobs. For example, a job querying the environment variables used by a later job, writing files to a shared directory that a later job processes, or even more directly by interacting with the Docker socket and inspecting other running containers and executing commands in them.

In theory, some jobs can depend on the output of other jobs

So if you compromise that output, you can compromise the later jobs even on hosted

But the examples in that snippet are not accurate

For example, in self hosted environments a job querying the environment variables used by a later job, writing files to a shared directory that a later job processes, or even more directly by interacting with the Docker socket and inspecting other running containers and executing commands in them.

In hosted environments, [job outputs can be compromised](https://docs.github.com/en/actions/writing-workflows/choosing-what-your-workflow-does/passing-information-between-jobs).

Given our SMEs are aligned with you, would you be willing to open a PR to correct this doc? 💛