Re: Environment.CommandLine Security Exception
From: Dave Ferguson (support@ignitelogic)
Date: 02/27/03
- Next message: Michel Gallant \(MVP\): "Re: Environment.CommandLine Security Exception"
- Previous message: Gen E: "CAS"
- In reply to: Michel Gallant \(MVP\): "Re: Environment.CommandLine Security Exception"
- Next in thread: Michel Gallant \(MVP\): "Re: Environment.CommandLine Security Exception"
- Reply: Michel Gallant \(MVP\): "Re: Environment.CommandLine Security Exception"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Dave Ferguson" <support@ignitelogic> Date: Wed, 26 Feb 2003 21:39:56 -0800
Thank you for the help. I think I'm close, but I'm
missing a key concept or two.
So...
I have an exe with the namespace Main
It loads a dll with the namespace BaseFunctions (which
calls Environment.CommandLine)
1. I created Main.snk and BaseFunctions.snk
2. I added the reference to these key pairs in their
respective assembly files.
3. Now...I want the file to be able to run from a network
drive. Is using the caspol tool how you propose to grant
permissions? Or can I instead programmatically do this by
calling the EnvironmentPermission method?
(The best help would be if there is sample code somewhere
that you recommend. I have found tons of 'literature' on
the security concepts, but no code...)
Thank you again.
>-----Original Message-----
>also, read this useful article:
>
http://msdn.microsoft.com/msdnmag/issues/02/07/netsmartcli
ents/default.aspx
> and look at the Intranet/Internet permissions chart:
>
http://msdn.microsoft.com/msdnmag/issues/02/07/netsmartcli
ents/figures.asp#fig4
>
> - Michel Gallant
> MVP Security
> http://www.jensign.com
>
>"Shel Blauman [MSFT]" <sheldonb@online.microsoft.com>
wrote in message
>news:e#qikYf3CHA.2472@TK2MSFTNGP11.phx.gbl...
>> You will need EnvironmentPermission for the ability
to access the "Path"
>> environment variable. Associated enumeration:
>> EnvironmentPermissionAccess.Read . What you are
running into is executables
>> from a share run under the Local Intranet zone, with
diminished permissions.
>> Here is a short article on running from a share:
>>
>> The following applies to a managed executable program
(.exe) that executes
>> with greater permissions than normally would be
granted to the zone to which
>> the assembly belongs. For a program hosted on another
computer in a local
>> area network, this would be the Local Intranet zone.
Any file residing on a
>> mapped network drive is, by default, in the Local
Intranet zone and operates
>> under its permission set. If the assembly to be run
does not require any
>> permissions other than those normally granted to
applications running in the
>> Local Intranet zone, signing and creating a custom
code group are not
>> required. The below steps are only necessary when the
assembly causes a
>> security exception to be thrown when it is executed.
It is strongly
>> recommended that the permissions granted the Local
Intranet zone not be
>> changed to FullTrust as an alternative to the
following steps.
>>
>>
>>
>> Check that the following conditions have been met:
>>
>>
>>
>> 1.. The evidence identifying the executable is used
to set the membership
>> condition in a code group, using either the .NET
Configuration Tool
>> (Mscorcfg.msc) or caspol.exe. Although other
membership conditions are
>> available, the recommended practice is to sign the
assembly with a strong
>> name or a certificate.
>>
>>
>> To create a strong name use sn.exe:
>>
>>
>>
>> sn -k keyPair.snk
>>
>>
>>
>> // This strong name key is used to create a code group
that gives //
>> permissions to this assembly.
>>
>> [assembly: AssemblyKeyFile("keyPair.snk")]
>>
>> namespace SignedAssembly
>>
>>
>>
>> 2.. The code group corresponding to the evidence of
the executable gives
>> the permissions the assembly requires. If the
executable is identified by a
>> strong name, the code group will utilize the
StrongNameMembershipCondition.
>>
>>
>> caspol -machine -addgroup All_Code -strong -file
signedassembly.exe
>> FullTrust -name FouthCoffeeStrongName -
description "Code group granting
>> trust to code signed by FourthCoffee"
>>
>>
>>
>> Alternatively, the code group can be created using the
Microsoft .NET
>> Framework Configuration tool (Mscorcfg.msc) found
under Administrative
>> Tools.
>>
>>
>>
>>
>>
>> 3.. The runtime version on the host computer is
compatible with the
>> runtime used to compile the assembly.
>>
>>
>> 4.. The code group created for the executable is in
the same runtime that
>> the executable uses.
>>
>>
>> Hope this helps,
>>
>>
>>
>> Shel
>>
>>
>> --
>> This posting is provided "AS IS" with no warranties,
and confers no rights.
>> Use of included script samples are subject to the
terms specified at
>> http://www.microsoft.com/info/cpyright.htm
>>
>>
>> "Dave Ferguson" <support@ignitelogic.com> wrote in
message
>> news:076601c2ddec$dd75cb20$3001280a@phx.gbl...
>> > I have a C# application that uses the CommandLine
>> > property to get the name of the program. This works
fine
>> > when running from the local hard disk.
>> >
>> > If I try to run the program from a network drive I
get a
>> > SecurityException. I am running with administrator
>> > permissions and from Windows I can add/delete/create
>> > files and directories.
>> >
>> > What do I need to do to allow the program to be able
to
>> > get the Environment.CommandLine value?
>>
>>
>
>
>.
>
- Next message: Michel Gallant \(MVP\): "Re: Environment.CommandLine Security Exception"
- Previous message: Gen E: "CAS"
- In reply to: Michel Gallant \(MVP\): "Re: Environment.CommandLine Security Exception"
- Next in thread: Michel Gallant \(MVP\): "Re: Environment.CommandLine Security Exception"
- Reply: Michel Gallant \(MVP\): "Re: Environment.CommandLine Security Exception"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
