Re: [nant-dev] NUnit security
It is. But you do not run builded assemblies during builds. Only the test code is run (and through it the real code) Martin - Original Message - From: Philip Nelson [EMAIL PROTECTED] To: Martin Aliger [EMAIL PROTECTED]; !nant [EMAIL PROTECTED] Sent: Wednesday, September 10, 2003 5:25 PM Subject: Re: [nant-dev] NUnit security How is this more risky than running the code you are actually testing? Isn't the real code and the test code written by the same group? --- Martin Aliger [EMAIL PROTECTED] wrote: Hi all, I found serious security problem. My build server, which use NAnt internally, runs as windows service (as all build servers I know runs). This service runs as priviliged user. Nothing wrong with that unless you run test-cases with NUnit. It runs user code, which could contain maligious tests... It is not big problem for us, since I trust my coleagues, but it could be problem in some scenarios. What about limit somehow permitions in NUnitTask? Or is something done in NUnit itself? Regards, Martin --- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf ___ nant-developers mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/nant-developers --- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf ___ nant-developers mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/nant-developers
RE: [nant-dev] NUnit security
Title: [nant-dev] NUnit security Hi Martin, If you have no special need for your service to run under a privileged account, let it then run with aless privilegedaccount. Otherwise you can use the built-in .Net runtime security features: Let your nant script copy everithing you need to a special folder (incl Nunit assemblies). configure the .Net runtime on the build server so that everithing that is runned from this folder is granted less privileges. If your running W*S go to the administrative tools, .net Framework Configuration Runtime Security policyMachine code groups all Code My_computer_zone make a new code group who's condition types is url and use "file://some directory/*.*" the choose the permission set you want to use. (this can be done via the cmd line caspol) Hope this helps. Yves -Oorspronkelijk bericht- Van: Martin Aliger [mailto:[EMAIL PROTECTED] Verzonden: wo 9/10/2003 4:43 PM Aan: ! nant CC: Onderwerp: [nant-dev] NUnit security Hi all,I found serious security problem. My build server, which use NAntinternally, runs as windows service (as all build servers I know runs). Thisservice runs as priviliged user. Nothing wrong with that unless you runtest-cases with NUnit. It runs user code, which could contain maligioustests... It is not big problem for us, since I trust mycoleagues, but it could be problem in some scenarios.What about limit somehow permitions in NUnitTask? Or is something done inNUnit itself?Regards,Martin---This sf.net email is sponsored by:ThinkGeekWelcome to geek heaven.http://thinkgeek.com/sf___nant-developers mailing list[EMAIL PROTECTED]https://lists.sourceforge.net/lists/listinfo/nant-developers
Re: [nant-dev] NUnit security
Title: [nant-dev] NUnit security Seems ok. It is not problem for me - just a general thought. Maybe we could add noteabout it into doc for NUnit{1,2} tasks. Could be problem for projects like Draco.NET or CruiseControl.NET which use Nant internally. The rights should be adjustablefrom task attributes in future. Some tests could need more rights than others and only author of build file knows. Martin - Original Message - From: Lorphelin Yves To: Martin Aliger ; ! nant Sent: Wednesday, September 10, 2003 6:11 PM Subject: RE: [nant-dev] NUnit security Hi Martin, If you have no special need for your service to run under a privileged account, let it then run with aless privilegedaccount. Otherwise you can use the built-in .Net runtime security features: Let your nant script copy everithing you need to a special folder (incl Nunit assemblies). configure the .Net runtime on the build server so that everithing that is runned from this folder is granted less privileges. If your running W*S go to the administrative tools, .net Framework Configuration Runtime Security policyMachine code groups all Code My_computer_zone make a new code group who's condition types is url and use "file://some directory/*.*" the choose the permission set you want to use. (this can be done via the cmd line caspol) Hope this helps. Yves -Oorspronkelijk bericht- Van: Martin Aliger [mailto:[EMAIL PROTECTED] Verzonden: wo 9/10/2003 4:43 PM Aan: ! nant CC: Onderwerp: [nant-dev] NUnit security Hi all,I found serious security problem. My build server, which use NAntinternally, runs as windows service (as all build servers I know runs). Thisservice runs as priviliged user. Nothing wrong with that unless you runtest-cases with NUnit. It runs user code, which could contain maligioustests... It is not big problem for us, since I trust mycoleagues, but it could be problem in some scenarios.What about limit somehow permitions in NUnitTask? Or is something done inNUnit itself?Regards,Martin---This sf.net email is sponsored by:ThinkGeekWelcome to geek heaven.http://thinkgeek.com/sf___nant-developers mailing list[EMAIL PROTECTED]https://lists.sourceforge.net/lists/listinfo/nant-developers
Re: [nant-dev] NUnit security
Especially those people using Draco.NET to build Sourceforge projects. :) Martin Aliger wrote: Seems ok. It is not problem for me - just a general thought. Maybe we could add note about it into doc for NUnit{1,2} tasks. Could be problem for projects like Draco.NET or CruiseControl.NET which use Nant internally. The rights should be adjustable from task attributes in future. Some tests could need more rights than others and only author of build file knows. Martin - Original Message - *From:* Lorphelin Yves mailto:[EMAIL PROTECTED] *To:* Martin Aliger mailto:[EMAIL PROTECTED] ; ! nant mailto:[EMAIL PROTECTED] *Sent:* Wednesday, September 10, 2003 6:11 PM *Subject:* RE: [nant-dev] NUnit security Hi Martin, If you have no special need for your service to run under a privileged account, let it then run with a less privileged account. Otherwise you can use the built-in .Net runtime security features: Let your nant script copy everithing you need to a special folder (incl Nunit assemblies). configure the .Net runtime on the build server so that everithing that is runned from this folder is granted less privileges. If your running W*S go to the administrative tools, .net Framework Configuration Runtime Security policyMachine code groups all Code My_computer_zone make a new code group who's condition types is url and use file://some directory/*.* the choose the permission set you want to use. (this can be done via the cmd line caspol) Hope this helps. Yves -Oorspronkelijk bericht- *Van:* Martin Aliger [mailto:[EMAIL PROTECTED] *Verzonden:* wo 9/10/2003 4:43 PM *Aan:* ! nant *CC:* *Onderwerp:* [nant-dev] NUnit security Hi all, I found serious security problem. My build server, which use NAnt internally, runs as windows service (as all build servers I know runs). This service runs as priviliged user. Nothing wrong with that unless you run test-cases with NUnit. It runs user code, which could contain maligious tests... It is not big problem for us, since I trust my coleagues, but it could be problem in some scenarios. What about limit somehow permitions in NUnitTask? Or is something done in NUnit itself? Regards, Martin --- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf ___ nant-developers mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/nant-developers --- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf ___ nant-developers mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/nant-developers
[nant-dev] Bug Report - SQLTask aborts when expandprops=true and a property has not been defined
Took a while to track this one down. I was trying to replace ${nant.Version} when I should have been using ${nant.version} Sigh SQL Task Aborts when expandprops=true and a ${property} has not been defined The following Build Script project name=SQL bug basedir=. default=Bug !-- Properties -- !-- Properties -- !-- Properties -- property name=SqlServer value=(Local)/ property name=SqlConnMaster value=Provider=SQLOLEDB;Data Source=${SqlServer}; Integrated Security=SSPI/ property name=SqlDb value=tempdb/ !-- Targets -- !-- Targets -- !-- Targets -- target name=Bug call target=Works/ call target=Fails/ /target target name=Works sql connstring=${SqlConnMaster} delimiter=GO delimstyle=Normal print=true expandprops=false![CDATA[ Print '${Unknown}' ]]/sql /target target name=Fails sql connstring=${SqlConnMaster} delimiter=GO delimstyle=Normal print=true expandprops=true![CDATA[ Print '${Unknown}' ]]/sql /target /project Generated the following output: Buildfile: file:///C:/EnY/TEM_SQL/_nAnt/Bug.Build Base Directory: C:\EnY\TEM_SQL\_nAnt. Bug: Works: SQL Task: Connection String: Provider=SQLOLEDB;Data Source=(Local); Integrated Security=SSPI Use Transaction?: True Batch Sql Statements?: True Batch Delimiter: GO Delimiter Style: Normal Fail On Error?: True Source script file: Output file: SQL Statement: Print '${Unknown}' ${Unknown} Fails: SQL Task: Connection String: Provider=SQLOLEDB;Data Source=(Local); Integrated Security=SSPI Use Transaction?: True Batch Sql Statements?: True Batch Delimiter: GO Delimiter Style: Normal Fail On Error?: True Source script file: Output file: Total time: 0 seconds. BUILD FAILED INTERNAL ERROR System.NullReferenceException: Object reference not set to an instance of an object. at NAnt.Core.BuildException.get_Message() at NAnt.Contrib.Tasks.SqlTask.ExecuteTask() at NAnt.Core.Task.Execute() at NAnt.Core.Target.Execute() at NAnt.Core.Project.Execute(String targetName) at NAnt.Core.Tasks.CallTask.ExecuteTask() at NAnt.Core.Task.Execute() at NAnt.Core.Target.Execute() at NAnt.Core.Project.Execute(String targetName) at NAnt.Core.Project.Execute() at NAnt.Core.Project.Run() Please send bug report to [EMAIL PROTECTED]
[nant-dev] bug report help
NAnt version 0.8.3 Copyright (C) 2001-2003 Gerry Shaw http://nant.sourceforge.net Buildfile: file:///D:/Build/Source/ClaimStation RichClient IR 1/Solutions/ClaimStation_RC_Solution_IR1/ClaimStation.build build: [solution] Starting solution build. [solution] Included projects: [solution] Reference projects: [solution] Building PrototypeLibrary [debug]... [solution] Project is up-to-date [solution] Building ClaimStation_RC_IR1 [debug]... [solution] Copying references: [solution] - System.XML [solution] - System.Data [solution] - PrototypeLibrary [copy] Copying 0 files to D:\Build\Source\ClaimStation RichClient IR 1\Applications\ClaimStation_RC_IR1\bin\Debug\. [solution] - System [solution] - AxSHDocVw [solution] aximp.exe C:\WINNT\System32\shdocvw.dll /silent /out:D: \Build\Source\ClaimStation RichClient IR 1\Applications\ClaimStation_RC_IR1\bin\Debug\Interop.AxSHDocVw.dll [solution] - System.Windows.Forms [solution] - SHDocVw [solution] tlbimp.exe C:\WINNT\System32\shdocvw.dll /silent /out:D: \Build\Source\ClaimStation RichClient IR 1\Applications\ClaimStation_RC_IR1\bin\Debug\Interop.SHDocVw.dll /namespace:SHDocVw [solution] - dockingsuite Total time: 8 seconds. BUILD FAILED INTERNAL ERROR System.Exception: Couldn't find referenced assembly: D: \Build\Source\DesktopApp\CustomLayout\bin\Debug\dockingsuite.dll at NAnt.VSNet.Tasks.Reference.GetReferenceFiles(ConfigurationSettings cs) at NAnt.VSNet.Tasks.Project.Compile(String strConfiguration, ArrayList alCSCArguments, String strLogFile, Boolean bVerbose, Boolean bShowCommands) at NAnt.VSNet.Tasks.Solution.Compile(String strConfiguration, ArrayList alCSCArguments, String strLogFile, Boolean bVerbose, Boolean bShowCommands) at NAnt.VSNet.Tasks.SolutionTask.ExecuteTask() at NAnt.Core.Task.Execute() at NAnt.Core.Target.Execute() at NAnt.Core.Project.Execute(String targetName) at NAnt.Core.Project.Execute() at NAnt.Core.Project.Run() Please send bug report to [EMAIL PROTECTED] --- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf ___ nant-developers mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/nant-developers
[nant-dev] (no subject)
Is there any work being done here? I noticed a few todos regaring dependencies, etc. Since Im in need of this task, I might find some time to work on this however, have any thoughts been given to where/how to store dependency info? Tharen _ Compare Cable, DSL or Satellite plans: As low as $29.95. https://broadband.msn.com --- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf ___ nant-developers mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/nant-developers
RE: [nant-dev] Re: [Nant-users] 0.8.3 final
Ian MacLean wrote: I'm still fleshing out the details but basically infer the locale based on the resx file name ( or allow it to be specified ) and then use ... or infer it if not specified? assemblylinker to build the satellite assemblies. So you plan a comfort feature of implicitly resgening *.resx files to *.resources files (as seen in the csc task) for the al task too? I'd appreciate that. I'm asking because I'm doing a localized build (use of fallback *.resx- files compiled into the main assembly and localized satellite assemblies) of current Npgsql CVS (http://gborg.postgresql.org/project/npgsql/projdisplay.php) using NAnt and mostly all of my problems are outside of NAnt ([Linux] lack of Mono assembly linker; [Mono Windows] monoresgen failure (at least for default installation)). So does that mean you can't use localised resources on mono if there is no assembly linker ? It means you can't use satellite assemblies on mono as there's no way to compile them (actually I never tried to run mcs without *.cs files and only -resource:my.resource specified but I don't expect it to work ;-). You still can compile the whole set of resources into the main assembly using mcs and -resource:my.resource, or directly use the *.resources files from the application (see: http://msdn.microsoft.com/library/en-us/cpguide/html/cpconretrievingresource sinresourcesfiles.asp?frame=true) (I never tried this too, I don't even know if the necessary classes are implemented - but in this case I expect it to work.) I personally expect the windows guys to use MS .Net (except developers who should speak English) and the linux guys to speak some English until mono provides an al. In Fact the only Nant-Problem (in my case) is the lack of a Prefix Attribute for the resgen-task (to prefix the namespace to the *.resources files) which I usually patch out for my own NAnt installation and fix by a script-task (ugly) for the public. OK - I'm going to fix that as well in the next day or so. Its a simple enough change. Thanks in advance. Brar --- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf ___ nant-developers mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/nant-developers