Martin Aliger wrote:
Seems ok.
It is not problem for me - just a general thought.
Maybe we could add note about it into doc for NUnit{1,2} tasks. Could be problem for projects like Draco.NET or CruiseControl.NET which use Nant internally. The rights should be adjustable from task attributes in future. Some tests could need more rights than others and only author of build file knows.
Martin
----- Original Message ----- *From:* Lorphelin Yves <mailto:[EMAIL PROTECTED]> *To:* Martin Aliger <mailto:[EMAIL PROTECTED]> ; ! nant <mailto:[EMAIL PROTECTED]> *Sent:* Wednesday, September 10, 2003 6:11 PM *Subject:* RE: [nant-dev] NUnit security
Hi Martin,
If you have no special need for your service to run under a
privileged account, let it then run with a less privileged account.
Otherwise you can use the built-in .Net runtime security features:
Let your nant script copy everithing you need to a special folder
(incl Nunit assemblies).
& configure the .Net runtime on the build server so that
everithing that is runned from this folder is granted less privileges.
If your running W*S go to the administrative tools, .net Framework
Configuration
Runtime Security policy>Machine> code groups > all Code >
My_computer_zone & make a new code group who's
condition types is url and use " file://some directory/*.*" & the
choose the permission set you want to use. (this can be done via
the cmd line caspol)
Hope this helps.
Yves
-----Oorspronkelijk bericht----- *Van:* Martin Aliger [mailto:[EMAIL PROTECTED] *Verzonden:* wo 9/10/2003 4:43 PM *Aan:* ! nant *CC:* *Onderwerp:* [nant-dev] NUnit security
Hi all,
I found serious security problem. My build server, which use NAnt internally, runs as windows service (as all build servers I know runs). This service runs as priviliged user. Nothing wrong with that unless you run test-cases with NUnit. It runs user code, which could contain maligious tests... It is not big problem for us, since I trust my coleagues, but it could be problem in some scenarios.
What about limit somehow permitions in NUnitTask? Or is something done in NUnit itself?
Regards, Martin
------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ nant-developers mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/nant-developers
------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ nant-developers mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/nant-developers