----- Original Message ----- From: <[EMAIL PROTECTED]> To: "Ant Developers List" <[EMAIL PROTECTED]> Sent: Tuesday, July 09, 2002 5:25 AM Subject: Ant Security
> I see a lot of discussion in the antlib/ant2 threads about automatic > download of required jars. To me this raises some security concerns. It > would be quite simple for this mechanism to be abused to load > unauthorized code onto a user's machine. Already, today, the ability to > <get> and <exec> exists. The addition of proxy capability will only make > this easier. We are fortunate today that ant is not common enough to be a juicy target; just as Perl on windows isnt enough of a target to merit writing email viruses in...this is why I bind .vbs, .js. .wsh to notepad, but keep .perl bound to perl. When people move to the .ant extension to running ant, then we have more of an issue, as you could email something and run it. Otherwise, if someone is running a local build file that gets, SCM fetches and run stuff, that is their problem, as it is a per build file issue. Rant is a security issue; it will run any build file you ask for. So if you can get an ant file up to the server, and you know its real path, you can run it. That's where a security manager can really come into play. I think it is a nice idea to include the notion that stuff may be running under a security manager from the outset. -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
