It is. But you do not run builded assemblies during builds. Only the test code is run (and through it the real code)
Martin ----- Original Message ----- From: "Philip Nelson" <[EMAIL PROTECTED]> To: "Martin Aliger" <[EMAIL PROTECTED]>; "!nant" <[EMAIL PROTECTED]> Sent: Wednesday, September 10, 2003 5:25 PM Subject: Re: [nant-dev] NUnit security > How is this more risky than running the code you are actually testing? Isn't > the real code and the test code written by the same group? > > --- Martin Aliger <[EMAIL PROTECTED]> wrote: > > Hi all, > > > > I found serious security problem. My build server, which use NAnt > > internally, runs as windows service (as all build servers I know runs). This > > service runs as priviliged user. Nothing wrong with that unless you run > > test-cases with NUnit. It runs user code, which could contain maligious > > tests... It is not big problem for us, since I trust my > > coleagues, but it could be problem in some scenarios. > > > > What about limit somehow permitions in NUnitTask? Or is something done in > > NUnit itself? > > > > Regards, > > Martin > > > > > > > > > > ------------------------------------------------------- > > This sf.net email is sponsored by:ThinkGeek > > Welcome to geek heaven. > > http://thinkgeek.com/sf > > _______________________________________________ > > nant-developers mailing list > > [EMAIL PROTECTED] > > https://lists.sourceforge.net/lists/listinfo/nant-developers > > > ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ nant-developers mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/nant-developers
