I am reading through the documentation on the shell executor and there is a security warning that states
Generally it’s unsafe to run tests with shell executors. The jobs are run with the user’s permissions (
gitlab-runner) and can “steal” code from other projects that are run on this server. Use it only for running builds on a server you trust and own.
I don’t really understand this. I get that the job will be run as the
gitlab-runner user which will most likely have elevated permissions, but I don’t understand how running tests would be more of a risk than running any other job. Maybe I’m just totally misunderstanding the meaning of this.
Could someone explain it to me or point me to some links that would help me understand?