Re: [nant-dev] NUnit security

2003-09-10 Thread Martin Aliger 
It is. But you do not run builded assemblies during builds. Only the test
code is run (and through it the real code)

Martin

- Original Message - 
From: Philip Nelson [EMAIL PROTECTED]
To: Martin Aliger [EMAIL PROTECTED]; !nant
[EMAIL PROTECTED]
Sent: Wednesday, September 10, 2003 5:25 PM
Subject: Re: [nant-dev] NUnit security


 How is this more risky than running the code you are actually testing?
Isn't
 the real code and the test code written by the same group?

 --- Martin Aliger [EMAIL PROTECTED] wrote:
  Hi all,
 
  I found serious security problem. My build server, which use NAnt
  internally, runs as windows service (as all build servers I know runs).
This
  service runs as priviliged user. Nothing wrong with that unless you run
  test-cases with NUnit. It runs user code, which could contain maligious
  tests... It is not big problem for us, since I trust my
  coleagues, but it could be problem in some scenarios.
 
  What about limit somehow permitions in NUnitTask? Or is something done
in
  NUnit itself?
 
  Regards,
  Martin
 
 
 
 
  ---
  This sf.net email is sponsored by:ThinkGeek
  Welcome to geek heaven.
  http://thinkgeek.com/sf
  ___
  nant-developers mailing list
  [EMAIL PROTECTED]
  https://lists.sourceforge.net/lists/listinfo/nant-developers







---
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
___
nant-developers mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/nant-developers

RE: [nant-dev] NUnit security

2003-09-10 Thread Lorphelin Yves 
Title: [nant-dev] NUnit security






Hi Martin,

If you have no special need for your service to run under a privileged 
account, let it then run with aless privilegedaccount.


Otherwise you can use the built-in .Net runtime security 
features:
Let your nant script copy everithing you need to a special folder (incl 
Nunit assemblies).
 configure the .Net runtime on the build server so that everithing 
that is runned from this folder is granted less privileges.
If your running W*S go to the administrative tools, .net Framework 
Configuration 
Runtime Security policyMachine code groups  all Code  
My_computer_zone  make a new code group who's 
condition types is url and use "file://some 
directory/*.*"  the choose the permission set you want to use. (this can be 
done via the cmd line caspol)


Hope this helps.
Yves


  -Oorspronkelijk bericht- Van: Martin 
  Aliger [mailto:[EMAIL PROTECTED] Verzonden: wo 9/10/2003 
  4:43 PM Aan: ! nant CC: Onderwerp: [nant-dev] 
  NUnit security
  Hi all,I found serious security problem. My build 
  server, which use NAntinternally, runs as windows service (as all build 
  servers I know runs). Thisservice runs as priviliged user. Nothing wrong 
  with that unless you runtest-cases with NUnit. It runs user code, which 
  could contain maligioustests... It is not big problem for us, since I 
  trust mycoleagues, but it could be problem in some scenarios.What 
  about limit somehow permitions in NUnitTask? Or is something done inNUnit 
  itself?Regards,Martin---This 
  sf.net email is sponsored by:ThinkGeekWelcome to geek heaven.http://thinkgeek.com/sf___nant-developers 
  mailing list[EMAIL PROTECTED]https://lists.sourceforge.net/lists/listinfo/nant-developers

Re: [nant-dev] NUnit security

2003-09-10 Thread Martin Aliger 
Title: [nant-dev] NUnit security



Seems ok.

It is not problem for me - just a general 
thought.

Maybe we could add noteabout it into 
doc for NUnit{1,2} tasks. Could be problem for projects like Draco.NET or 
CruiseControl.NET which use Nant internally. The rights should be adjustablefrom task 
attributes in future. Some tests could need more rights than others and only 
author of build file knows.


Martin

  - Original Message - 
  From: 
  Lorphelin Yves 
  To: Martin Aliger ; ! nant 
  Sent: Wednesday, September 10, 2003 6:11 
  PM
  Subject: RE: [nant-dev] NUnit 
  security
  
  
  Hi Martin,
  
  If you have no special need for your service to run under a privileged 
  account, let it then run with aless privilegedaccount.
  
  
  Otherwise you can use the built-in .Net runtime security 
  features:
  Let your nant script copy everithing you need to a special folder (incl 
  Nunit assemblies).
   configure the .Net runtime on the build server so that everithing 
  that is runned from this folder is granted less privileges.
  If your running W*S go to the administrative tools, .net Framework 
  Configuration 
  Runtime Security policyMachine code groups  all Code  
  My_computer_zone  make a new code group who's 
  condition types is url and use "file://some directory/*.*"  the choose the 
  permission set you want to use. (this can be done via the cmd line 
  caspol)
  
  
  Hope this helps.
  Yves
  
  
-Oorspronkelijk bericht- Van: Martin 
Aliger [mailto:[EMAIL PROTECTED] Verzonden: wo 9/10/2003 
4:43 PM Aan: ! nant CC: Onderwerp: 
[nant-dev] NUnit security
Hi all,I found serious security problem. My build 
server, which use NAntinternally, runs as windows service (as all build 
servers I know runs). Thisservice runs as priviliged user. Nothing wrong 
with that unless you runtest-cases with NUnit. It runs user code, which 
could contain maligioustests... It is not big problem for us, since I 
trust mycoleagues, but it could be problem in some 
scenarios.What about limit somehow permitions in NUnitTask? Or is 
something done inNUnit 
itself?Regards,Martin---This 
sf.net email is sponsored by:ThinkGeekWelcome to geek heaven.http://thinkgeek.com/sf___nant-developers 
mailing list[EMAIL PROTECTED]https://lists.sourceforge.net/lists/listinfo/nant-developers

Re: [nant-dev] NUnit security

2003-09-10 Thread Matthew Mastracci 
Especially those people using Draco.NET to build Sourceforge projects.  :) 

Martin Aliger wrote:

Seems ok.
 
It is not problem for me - just a general thought.
 
Maybe we could add note about it into doc for NUnit{1,2} tasks. Could 
be problem for projects like Draco.NET or CruiseControl.NET which use 
Nant internally. The rights should be adjustable from task attributes 
in future. Some tests could need more rights than others and only 
author of build file knows.
 
Martin

- Original Message -
*From:* Lorphelin Yves mailto:[EMAIL PROTECTED]
*To:* Martin Aliger mailto:[EMAIL PROTECTED] ; ! nant
mailto:[EMAIL PROTECTED]
*Sent:* Wednesday, September 10, 2003 6:11 PM
*Subject:* RE: [nant-dev] NUnit security
Hi Martin,
 
If you have no special need for your service to run under a
privileged account, let it then run with a less privileged account.
 
 
Otherwise you can use the built-in .Net  runtime security features:
Let your nant script copy everithing you need to a special folder
(incl Nunit assemblies).
 configure the .Net runtime on the build server so that
everithing that is runned from this folder is granted less privileges.
If your running W*S go to the administrative tools, .net Framework
Configuration
Runtime Security policyMachine code groups  all Code 
My_computer_zone  make a new code group who's
condition types is url and use  file://some directory/*.*  the
choose the permission set you want to use. (this can be done via
the cmd line caspol)
 
 
Hope this helps.
Yves
 

-Oorspronkelijk bericht-
*Van:* Martin Aliger [mailto:[EMAIL PROTECTED]
*Verzonden:* wo 9/10/2003 4:43 PM
*Aan:* ! nant
*CC:*
*Onderwerp:* [nant-dev] NUnit security
Hi all,

I found serious security problem. My build server, which use NAnt
internally, runs as windows service (as all build servers I
know runs). This
service runs as priviliged user. Nothing wrong with that
unless you run
test-cases with NUnit. It runs user code, which could contain
maligious
tests... It is not big problem for us, since I trust my
coleagues, but it could be problem in some scenarios.
What about limit somehow permitions in NUnitTask? Or is
something done in
NUnit itself?
Regards,
Martin


---
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
___
nant-developers mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/nant-developers




---
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
___
nant-developers mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/nant-developers

[nant-dev] Bug Report - SQLTask aborts when expandprops=true and a property has not been defined

2003-09-10 Thread Brian Sullivan 








Took a while to track this
one down.

I was trying to replace ${nant.Version}
when I should have been using ${nant.version}

Sigh  



SQL Task Aborts when expandprops=true
and a ${property} has not been defined



The following Build Script




project name=SQL bug basedir=.
default=Bug



 !-- Properties --

 !-- Properties --

 !-- Properties --


property name=SqlServer
value=(Local)/


property name=SqlConnMaster value=Provider=SQLOLEDB;Data Source=${SqlServer};
Integrated Security=SSPI/


property name=SqlDb
value=tempdb/



 !-- Targets --

 !-- Targets --

 !-- Targets -- 


target name=Bug


call target=Works/


call target=Fails/


/target 


target name=Works


sql connstring=${SqlConnMaster} delimiter=GO delimstyle=Normal
print=true expandprops=false![CDATA[


Print '${Unknown}'


]]/sql


/target


target name=Fails


sql connstring=${SqlConnMaster} delimiter=GO delimstyle=Normal
print=true expandprops=true![CDATA[


Print '${Unknown}'


]]/sql


/target




/project



Generated the following output:


Buildfile:
file:///C:/EnY/TEM_SQL/_nAnt/Bug.Build


Base Directory: C:\EnY\TEM_SQL\_nAnt.




Bug:






Works:




SQL Task:


Connection String: Provider=SQLOLEDB;Data Source=(Local); Integrated Security=SSPI


Use Transaction?: True


Batch Sql Statements?:
True


Batch Delimiter: GO


Delimiter Style: Normal


Fail On Error?: True


Source script file: 


Output file: 




SQL Statement:


Print '${Unknown}'




${Unknown}




Fails:




SQL Task:


Connection String: Provider=SQLOLEDB;Data Source=(Local); Integrated Security=SSPI


Use Transaction?: True


Batch Sql Statements?:
True


Batch Delimiter: GO


Delimiter Style: Normal


Fail On Error?: True


Source script file: 


Output file: 




Total time: 0 seconds.




BUILD FAILED




INTERNAL ERROR




System.NullReferenceException: Object
reference not set to an instance of an object.

 at NAnt.Core.BuildException.get_Message()

 at NAnt.Contrib.Tasks.SqlTask.ExecuteTask()

 at NAnt.Core.Task.Execute()

 at NAnt.Core.Target.Execute()

 at NAnt.Core.Project.Execute(String
targetName)

 at NAnt.Core.Tasks.CallTask.ExecuteTask()

 at NAnt.Core.Task.Execute()

 at NAnt.Core.Target.Execute()

 at NAnt.Core.Project.Execute(String
targetName)

 at NAnt.Core.Project.Execute()

 at NAnt.Core.Project.Run()




Please send bug report to [EMAIL PROTECTED]

[nant-dev] bug report help

2003-09-10 Thread Greg_Jahnke 
NAnt version 0.8.3 Copyright (C) 2001-2003 Gerry Shaw
http://nant.sourceforge.net

Buildfile: file:///D:/Build/Source/ClaimStation RichClient IR
1/Solutions/ClaimStation_RC_Solution_IR1/ClaimStation.build

build:

 [solution] Starting solution build.
 [solution] Included projects:
 [solution] Reference projects:
 [solution] Building PrototypeLibrary [debug]...
 [solution] Project is up-to-date
 [solution] Building ClaimStation_RC_IR1 [debug]...
 [solution] Copying references:
 [solution]  - System.XML
 [solution]  - System.Data
 [solution]  - PrototypeLibrary
 [copy] Copying 0 files to D:\Build\Source\ClaimStation
RichClient IR 1\Applications\ClaimStation_RC_IR1\bin\Debug\.
 [solution]  - System
 [solution]  - AxSHDocVw
 [solution] aximp.exe C:\WINNT\System32\shdocvw.dll /silent /out:D:
\Build\Source\ClaimStation RichClient IR
1\Applications\ClaimStation_RC_IR1\bin\Debug\Interop.AxSHDocVw.dll
 [solution]  - System.Windows.Forms
 [solution]  - SHDocVw
 [solution] tlbimp.exe C:\WINNT\System32\shdocvw.dll /silent /out:D:
\Build\Source\ClaimStation RichClient IR
1\Applications\ClaimStation_RC_IR1\bin\Debug\Interop.SHDocVw.dll
/namespace:SHDocVw
 [solution]  - dockingsuite
Total time: 8 seconds.

BUILD FAILED

INTERNAL ERROR

System.Exception: Couldn't find referenced assembly: D:
\Build\Source\DesktopApp\CustomLayout\bin\Debug\dockingsuite.dll
   at NAnt.VSNet.Tasks.Reference.GetReferenceFiles(ConfigurationSettings
cs)
   at NAnt.VSNet.Tasks.Project.Compile(String strConfiguration, ArrayList
alCSCArguments, String strLogFile, Boolean bVerbose, Boolean bShowCommands)
   at NAnt.VSNet.Tasks.Solution.Compile(String strConfiguration, ArrayList
alCSCArguments, String strLogFile, Boolean bVerbose, Boolean bShowCommands)
   at NAnt.VSNet.Tasks.SolutionTask.ExecuteTask()
   at NAnt.Core.Task.Execute()
   at NAnt.Core.Target.Execute()
   at NAnt.Core.Project.Execute(String targetName)
   at NAnt.Core.Project.Execute()
   at NAnt.Core.Project.Run()

Please send bug report to [EMAIL PROTECTED]




---
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
___
nant-developers mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/nant-developers

[nant-dev] (no subject)

2003-09-10 Thread Tharen Debold 
Is there any work being done here?  I noticed a few todo’s regaring 
dependencies, etc.  Since I’m in need of this task, I might find some time 
to work on this…  however, have any thoughts been given to where/how to 
store dependency info?



 Tharen

_
Compare Cable, DSL or Satellite plans: As low as $29.95.  
https://broadband.msn.com



---
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
___
nant-developers mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/nant-developers

RE: [nant-dev] Re: [Nant-users] 0.8.3 final

2003-09-10 Thread Brar Piening 
 Ian MacLean wrote:

 I'm still fleshing out the details but basically infer the locale based
 on the resx file name ( or allow it to be specified ) and then use

... or infer it if not specified?

 assemblylinker to build the satellite assemblies.

So you plan a comfort feature of implicitly resgening *.resx files to
*.resources files (as seen in the csc task) for the al task too?
I'd appreciate that.

 
 I'm asking because I'm doing a localized build (use of fallback *.resx-
 files
 compiled into the main assembly and localized satellite assemblies) of
 current Npgsql CVS
 (http://gborg.postgresql.org/project/npgsql/projdisplay.php) using NAnt
 and
 mostly all of my problems are outside of NAnt ([Linux] lack of Mono
 assembly
 linker; [Mono Windows] monoresgen failure (at least for default
 installation)).
 
 So does that mean you can't use localised resources on mono if there is
 no assembly linker ?

It means you can't use satellite assemblies on mono as there's no way to
compile them (actually I never tried to run mcs without *.cs files and only
-resource:my.resource specified but I don't expect it to work ;-).

You still can compile the whole set of resources into the main assembly
using mcs and -resource:my.resource, or directly use the *.resources files
from the application (see:
http://msdn.microsoft.com/library/en-us/cpguide/html/cpconretrievingresource
sinresourcesfiles.asp?frame=true)
(I never tried this too, I don't even know if the necessary classes are
implemented - but in this case I expect it to work.)
I personally expect the windows guys to use MS .Net (except developers who
should speak English) and the linux guys to speak some English until mono
provides an al.

 
 In Fact the only Nant-Problem (in my case) is the lack of a Prefix
 Attribute for the resgen-task (to prefix the namespace to the *.resources
 files) which I usually patch out for my own NAnt installation and fix by
 a
 script-task (ugly) for the public.
 
 
 
 OK - I'm going to fix that as well in the next day or so. Its a simple
 enough change.

Thanks in advance.

Brar




---
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
___
nant-developers mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/nant-developers