|
security
newsgroups
|
|||||||||||||||||||||||
|
|||||||||||||||||||||||
Re: full trus and 1.1 SP1me. I definitely had the scenario described below where I had executed some code but later got a security exception saying I didnt have execute permission. This was pretty weird and I can't reprodce this in a simple app I then realised that in the past I had trusted this assembly in various ways through the "trust my assembly wizard" It took me a little while to figure out how to undo this - eventually I realized I had to delete the codegroups the wizard had generated - Wizard_0, Wizard_1, etc. I then discovered what looks like a bug to me - after removing the wizard generated code groups, change the machine level security policy - these wizard generated security groups magically reappear! (You have to close and then reopen the 1.1 .Net framework configuration wizard applet to see this) So once I realised this was happening, I changed my machine level security to medium trust and then deleted my magically recreated codegroups. Now in this state, my test application behaves as I would expect and I can successfully check for full trust. However, my real application won't launch and I get the exception An unhandled exception of type 'System.Security.SecurityException' occurred in Unknown Module. Additional information: Request for the permission of type System.Security.Permissions.SecurityPermission, mscorlib, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 failed. Why might this be? Hope some of this makes sense :) Anrew Show quoteHide quote "Nicole Calinoiu" wrote: > "AndrewEames" <AndrewEa***@discussions.microsoft.com> wrote in message > news:B5DEB5D5-E5DB-4D4F-9F22-31AE8438A147@microsoft.com... > >I just applied 1.1 SP1 and I am seeing some changes in behavior wrt. > >security > > > > If I set my security level to no trust, my .NET application will now > > actualy > > execute until Application.Run (previously, it wouldn't even start up > > without > > execute permission) > > This seems rather unlikely. It might be a good idea to confirm whether your > application is truly being granted no permissions at all > (http://support.microsoft.com/kb/815170/EN-US/). If it really isn't being > granted SecurityPermission\Execution, could you please post short but > complete sample code (http://www.yoda.arachsys.com/csharp/complete.html) for > an application that demonstrates this? > > > > So great I thought - I can put up a friendly dialog for my users if I dont > > have full trust. so I added the following code > > > > PermissionSet fullTrust = new > > PermissionSet(PermissionState.Unrestricted); > > try > > { > > fullTrust.Demand(); > > } > > catch(SecurityException) > > { > > > > However, this demand succeeds even if I am running under no trust - why is > > this? > > Probably because the demand applies only to callers, but not to the method > in which it is used. Try moving the demand into a separate method called > from within your Main method. > > > > Thanks > > Andrew > > > > > > > Unless you have other policy changes that need to be preserved, it might be
a good idea to reset your CAS policy to default settings in order to start from a "clean" configuration. To do this, launch the ".NET Framework 1.1 Configuration" MSC, right-click on the "Runtime Security Policy" node, then select the "Reset All..." option from the shortcut menu. Before you perform the reset, you may want to back up your existing policy files in case there are other changes that should be conserved (or at least reproduced after the reset). For the locations of the configuration files, see http://msdn.microsoft.com/library/en-us/cpguide/html/cpconsecurityconfigurationfiles.asp. BTW, it may be useful to keep in mind that it's possible to instruct the ..NET runtime to omit verification of execution permission (e.g.: caspol -e off) when launching code. If this option is in effect, it's reasonable to expect that an assembly with supposedly no permissions would be able to execute until it encounters a (link)demand for any code access permission. To verify whether the option to skip execution skipping is enabled, you can run caspol -l (the option status will be displayed at the start of the output), or read the value of the System.Security.SecurityManager.CheckExecutionRights property from managed code. HTH, Nicole Show quoteHide quote "AndrewEames" <AndrewEa***@discussions.microsoft.com> wrote in message news:7D0024C3-035A-40E3-B983-C6F71B193160@microsoft.com... > OK - I have a few different things going on here which appear to be > confusing > me. > > I definitely had the scenario described below where I had executed some > code > but later got a security exception saying I didnt have execute permission. > This was pretty weird and I can't reprodce this in a simple app > > I then realised that in the past I had trusted this assembly in various > ways > through the "trust my assembly wizard" It took me a little while to figure > out how to undo this - eventually I realized I had to delete the > codegroups > the wizard had generated - Wizard_0, Wizard_1, etc. > > I then discovered what looks like a bug to me - after removing the wizard > generated code groups, change the machine level security policy - these > wizard generated security groups magically reappear! (You have to close > and > then reopen the 1.1 .Net framework configuration wizard applet to see > this) > > So once I realised this was happening, I changed my machine level security > to medium trust and then deleted my magically recreated codegroups. Now in > this state, my test application behaves as I would expect and I can > successfully check for full trust. However, my real application won't > launch > and I get the exception > > An unhandled exception of type 'System.Security.SecurityException' > occurred > in Unknown Module. > > Additional information: Request for the permission of type > System.Security.Permissions.SecurityPermission, mscorlib, > Version=1.0.5000.0, > Culture=neutral, PublicKeyToken=b77a5c561934e089 failed. > > Why might this be? > > Hope some of this makes sense :) > Anrew > > "Nicole Calinoiu" wrote: > >> "AndrewEames" <AndrewEa***@discussions.microsoft.com> wrote in message >> news:B5DEB5D5-E5DB-4D4F-9F22-31AE8438A147@microsoft.com... >> >I just applied 1.1 SP1 and I am seeing some changes in behavior wrt. >> >security >> > >> > If I set my security level to no trust, my .NET application will now >> > actualy >> > execute until Application.Run (previously, it wouldn't even start up >> > without >> > execute permission) >> >> This seems rather unlikely. It might be a good idea to confirm whether >> your >> application is truly being granted no permissions at all >> (http://support.microsoft.com/kb/815170/EN-US/). If it really isn't >> being >> granted SecurityPermission\Execution, could you please post short but >> complete sample code (http://www.yoda.arachsys.com/csharp/complete.html) >> for >> an application that demonstrates this? >> >> >> > So great I thought - I can put up a friendly dialog for my users if I >> > dont >> > have full trust. so I added the following code >> > >> > PermissionSet fullTrust = new >> > PermissionSet(PermissionState.Unrestricted); >> > try >> > { >> > fullTrust.Demand(); >> > } >> > catch(SecurityException) >> > { >> > >> > However, this demand succeeds even if I am running under no trust - why >> > is >> > this? >> >> Probably because the demand applies only to callers, but not to the >> method >> in which it is used. Try moving the demand into a separate method called >> from within your Main method. >> >> >> > Thanks >> > Andrew >> > >> > >> >> >> 
Other interesting topics
Re: RSA Encrypt/Decrypt Problems
License File Generator Using Digital Signatures SecurityCritical, SecurityTreatAsSafe and SecurityTransparent Attributes? Howto obtain WindowsIdentity for client calling method on COM+ application? ildasm Howto obtain WindowsIdentity for client calling method on COM+ application? Bouncy Castle C# crypto port Re: A single page from an existing application under SSL? |
|||||||||||||||||||||||
