Re: [nant-dev] NUnit security

[Matthew Mastracci]

Especially those people using Draco.NET to build Sourceforge projects.  :) 

Martin Aliger wrote:

Seems ok.
 
It is not problem for me - just a general thought.
 
Maybe we could add note about it into doc for NUnit{1,2} tasks. Could 
be problem for projects like Draco.NET or CruiseControl.NET which use 
Nant internally. The rights should be adjustable from task attributes 
in future. Some tests could need more rights than others and only 
author of build file knows.
 
Martin

    ----- Original Message -----
    *From:* Lorphelin Yves <mailto:[EMAIL PROTECTED]>
    *To:* Martin Aliger <mailto:[EMAIL PROTECTED]> ; ! nant
    <mailto:[EMAIL PROTECTED]>
    *Sent:* Wednesday, September 10, 2003 6:11 PM
    *Subject:* RE: [nant-dev] NUnit security
    Hi Martin,
     
    If you have no special need for your service to run under a
    privileged account, let it then run with a less privileged account.
     
     
    Otherwise you can use the built-in .Net  runtime security features:
    Let your nant script copy everithing you need to a special folder
    (incl Nunit assemblies).
    & configure the .Net runtime on the build server so that
    everithing that is runned from this folder is granted less privileges.
    If your running W*S go to the administrative tools, .net Framework
    Configuration
    Runtime Security policy>Machine> code groups > all Code >
    My_computer_zone & make a new code group who's
    condition types is url and use " file://some directory/*.*" & the
    choose the permission set you want to use. (this can be done via
    the cmd line caspol)
     
     
    Hope this helps.
    Yves
     

        -----Oorspronkelijk bericht-----
        *Van:* Martin Aliger [mailto:[EMAIL PROTECTED]
        *Verzonden:* wo 9/10/2003 4:43 PM
        *Aan:* ! nant
        *CC:*
        *Onderwerp:* [nant-dev] NUnit security
        Hi all,

        I found serious security problem. My build server, which use NAnt
        internally, runs as windows service (as all build servers I
        know runs). This
        service runs as priviliged user. Nothing wrong with that
        unless you run
        test-cases with NUnit. It runs user code, which could contain
        maligious
        tests... It is not big problem for us, since I trust my
        coleagues, but it could be problem in some scenarios.
        What about limit somehow permitions in NUnitTask? Or is
        something done in
        NUnit itself?
        Regards,
        Martin


        -------------------------------------------------------
        This sf.net email is sponsored by:ThinkGeek
        Welcome to geek heaven.
        http://thinkgeek.com/sf
        _______________________________________________
        nant-developers mailing list
        [EMAIL PROTECTED]
        https://lists.sourceforge.net/lists/listinfo/nant-developers




-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
nant-developers mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/nant-developers