ant-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 28546] - Ant should offer hierarchical resource containment
Date Thu, 26 May 2005 22:36:22 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG·
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=28546>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND·
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=28546





------- Additional Comments From curt@developerx.com  2005-05-27 00:36 -------
"Could you elaborate on which resources, in addition to time (see ant-contrib's
limit task), you would expect to be controlled here?"

Basically everything that you might limit by a SecurityManager Permission or a
security policy.
http://java.sun.com/j2se/1.5.0/docs/guide/security/permissions.html
http://java.sun.com/j2se/1.5.0/docs/guide/security/PolicyFiles.html

Security conscious companies and Ant service providers ("build farms" and "test
farms") will want to restrict access to files, sockets, native code, external
executables, AWT, audio, etc...

There are basically two scenarios that this provides solutions to.  One build on
a shared build server could be "arbitrarily incompetent".  Such a build could
attempt to delete all of the files the server in an attempt to clean-up after
itself, accidentally run against production machines with test data, and on and
on.  All of these things are also true for a build that is actually malicious.

This is just a mechanism to ensure that a build "can't hurt anything else"
outside of some set of permissions it has been given.

-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@ant.apache.org
For additional commands, e-mail: dev-help@ant.apache.org


Mime
View raw message