Re: Environment.CommandLine Security Exception

From: Dave Ferguson (support@ignitelogic.com)
Date: 02/27/03


From: "Dave Ferguson" <support@ignitelogic.com>
Date: Thu, 27 Feb 2003 14:43:24 -0800


But commercial apps that ship to customers do get
installed on network drives and they typically don't
require that users get into the details of security as
long as the user has access to the needed resources. I
believe an MS Office network install is a good example of
this.

>-----Original Message-----
>The particular problem here is that the original poster wanted to run the
>app from a *network* share. The default config for the CLR is to give
>reduced privileges to apps running from *network* shares - if the app is
>instead running from the local hard disk, the app would have full rights
>(under the default config).
>
>The rationale behind this is that files on a network share are theoretically
>more vulnerable to attack by hackers than are files installed on your local
>hard disk.
>
>For a commercial app that ships to customers, the app would get copied to
>the local hard disk, and thus wouldn't need any changes to the security
>config.
>
>--Don
>
>--
>This posting is provided "AS IS" with no warranties, and confers no rights.
>
>
>
>"Dave Ferguson" <support@ignitelogic.com> wrote in message
>news:06cd01c2dea5$defeb600$3301280a@phx.gbl...
>> Wow. I could be missing something here, but if I
>> understand correctly: You can never ship a commercial
>> product for network installation that is based on
>> the .Net Framework without requiring users to understand
>> security. That is a potentially huge support burden for a
>> software company! Is MSOffice built on the .Net
>> framework? It is able to be installed and run from a
>> network drive without having to use the .Net Framework
>> Configuration tool or CASPOL. Right?
>>
>> >-----Original Message-----
>> >Not possible, unless you have control of group policy for all
>> >the users' machines (see also Enterprise Security Level in CAS).
>> >
>> >Don't forget that CAS is about protecting users from the code
>> >itself, not about allowing users with specific permissions to
>> >execute that code. Users need to be protected against code
>> >which can't be properly "validated".
>> >Also, keep in mind that there are probably hackers reading
>> >these groups, looking for poor security practices, used by
>> >developers .. waiting for their opportunity ... to subvert
>> >poor implementations of an otherwise great .net security infrastructure.
>> >
>> >If you need transparency, you must deploy your application to
>> >your users so it is installed locally, or deploy configuration
>> >changes to all your users (hence group policy comment above).
>> >
>> >
>> >- Mitch
>> >
>> >"Dave Ferguson" <support@ignitelogic.com> wrote in message
>> >news:055801c2de8c$a5ec7500$3001280a@phx.gbl...
>> >> But isn't CASPOL and the .Net Framework Configuration
>> >> tool used to modify security policies on the machine? I
>> >> need to be able to ship the program to many users - each
>> >> of which should be able to run the program without
>> >> worrying about security policies. As long as the user has
>> >> the appropriate permissions, the program should run
>> >> correctly from whatever location the user chooses. Isn't
>> >> this possible?
>> >>
>> >>
>> >> >-----Original Message-----
>> >> >You can use caspol to set policy or use the .NET Framework Configuration
>> >> >tools (under Administrative tools). I prefer the latter. You have a couple
>> >> >of choices, creating a code group (in this case two, since you used two
>> >> >different keys) using strong names as the membership condition and giving
>> >> >both assemblies FullTrust (which I don't recommend), or, creating custom
>> >> >named permission(s) first (also under the .NET Framework Configuration
>> >> >tool), then using those custom named permission sets when you create your
>> >> >code groups. This is the most secure way of granting permissions, because
>> >> >it will only give the permissions the assemblies need to run, helping to
>> >> >prevent misuse.
>> >> >
>> >> >--
>> >> >This posting is provided "AS IS" with no warranties, and confers no rights.
>> >> >Use of included script samples are subject to the terms specified at
>> >> >http://www.microsoft.com/info/cpyright.htm
>> >> >
>> >> >
>> >> >"Michel Gallant (MVP)" <neutron@istar.ca> wrote in message
>> >> >news:OF$SHpi3CHA.2324@TK2MSFTNGP10.phx.gbl...
>> >> >> Since CAS is "Code Access Security", the code itself can't request
>> >> >> more privileges than is available via your local policy file.
>> >> >> Therefore, if an exception is thrown for code sourced from the
>> >> >> Local Intranet, the only way you can get around this is to adjust
>> >> >> your code policy (via caspol or .net config tool), in a SAFE way,
>> >> >> to allow permissions to code that you deem is trustworthy, i.e. code
>> >> >> that is digitally signed or Strong-Named.
>> >> >>
>> >> >> You can RESTRICT what your code can do, with declarative statements,
>> >> >> so that you allow exactly and only the permissions you wish the code to
>> >> >> have. This is a good "due diligence" strategy on the part of a programmer,
>> >> >> particularly in more complex applications, to not expose your code to more
>> >> >> privileges than what it needs to get the job done.
>> >> >>
>> >> >> - Mitch
>> >> >>
>> >> >> "Dave Ferguson" <support@ignitelogic> wrote in message
>> >> >> news:039a01c2de22$a93f0890$a501280a@phx.gbl...
>> >> >> > Thank you for the help. I think I'm close, but I'm
>> >> >> > missing a key concept or two.
>> >> >> >
>> >> >> > So...
>> >> >> >
>> >> >> > I have an exe with the namespace Main
>> >> >> > It loads a dll with the namespace BaseFunctions (which
>> >> >> > calls Environment.CommandLine)
>> >> >> >
>> >> >> > 1. I created Main.snk and BaseFunctions.snk
>> >> >> > 2. I added the reference to these key pairs in their
>> >> >> > respective assembly files.
>> >> >> > 3. Now...I want the file to be able to run from a network
>> >> >> > drive. Is using the caspol tool how you propose to grant
>> >> >> > permissions? Or can I instead programmatically do this by
>> >> >> > calling the EnvironmentPermission method?
>> >> >> >
>> >> >> > (The best help would be if there is sample code somewhere
>> >> >> > that you recommend. I have found tons of 'literature' on
>> >> >> > the security concepts, but no code...)
>> >> >> >
>> >> >> > Thank you again.
>> >> >> >
>> >> >> > >-----Original Message-----
>> >> >> > >also, read this useful article:
>> >> >> > >
>> >> >> > > http://msdn.microsoft.com/msdnmag/issues/02/07/netsmartclients/default.aspx
>> >> >> > > and look at the Intranet/Internet permissions chart:
>> >> >> > >
>> >> >> > > http://msdn.microsoft.com/msdnmag/issues/02/07/netsmartclients/figures.asp#fig4
>> >> >> > >
>> >> >> > > - Michel Gallant
>> >> >> > > MVP Security
>> >> >> > > http://www.jensign.com
>> >> >> > >
>> >> >> > >"Shel Blauman [MSFT]" <sheldonb@online.microsoft.com> wrote in message
>> >> >> > >news:e#qikYf3CHA.2472@TK2MSFTNGP11.phx.gbl...
>> >> >> > >> You will need EnvironmentPermission for the ability to access the "Path"
>> >> >> > >> environment variable. Associated enumeration:
>> >> >> > >> EnvironmentPermissionAccess.Read. What you are running into is executables
>> >> >> > >> from a share run under the Local Intranet zone, with diminished permissions.
>> >> >> > >> Here is a short article on running from a share:
>> >> >> > >>
>> >> >> > >> The following applies to a managed executable program (.exe) that executes
>> >> >> > >> with greater permissions than normally would be granted to the zone to which
>> >> >> > >> the assembly belongs. For a program hosted on another computer in a local
>> >> >> > >> area network, this would be the Local Intranet zone. Any file residing on a
>> >> >> > >> mapped network drive is, by default, in the Local Intranet zone and operates
>> >> >> > >> under its permission set. If the assembly to be run does not require any
>> >> >> > >> permissions other than those normally granted to applications running in the
>> >> >> > >> Local Intranet zone, signing and creating a custom code group are not
>> >> >> > >> required. The below steps are only necessary when the assembly causes a
>> >> >> > >> security exception to be thrown when it is executed. It is strongly
>> >> >> > >> recommended that the permissions granted the Local Intranet zone not be
>> >> >> > >> changed to FullTrust as an alternative to the following steps.
>> >> >> > >>
>> >> >> > >> Check that the following conditions have been met:
>> >> >> > >>
>> >> >> > >> 1. The evidence identifying the executable is used to set the membership
>> >> >> > >> condition in a code group, using either the .NET Configuration Tool
>> >> >> > >> (Mscorcfg.msc) or caspol.exe. Although other membership conditions are
>> >> >> > >> available, the recommended practice is to sign the assembly with a strong
>> >> >> > >> name or a certificate.
>> >> >> > >>
>> >> >> > >> To create a strong name use sn.exe:
>> >> >> > >>
>> >> >> > >> sn -k keyPair.snk
>> >> >> > >>
>> >> >> > >> // This strong name key is used to create a code group that gives
>> >> >> > >> // permissions to this assembly.
>> >> >> > >> [assembly: AssemblyKeyFile("keyPair.snk")]
>> >> >> > >> namespace SignedAssembly
>> >> >> > >>
>> >> >> > >> 2. The code group corresponding to the evidence of the executable gives
>> >> >> > >> the permissions the assembly requires. If the executable is identified by a
>> >> >> > >> strong name, the code group will utilize the StrongNameMembershipCondition.
>> >> >> > >>
>> >> >> > >> caspol -machine -addgroup All_Code -strong -file signedassembly.exe
>> >> >> > >> FullTrust -name FouthCoffeeStrongName -description "Code group granting
>> >> >> > >> trust to code signed by FourthCoffee"
>> >> >> > >>
>> >> >> > >> Alternatively, the code group can be created using the Microsoft .NET
>> >> >> > >> Framework Configuration tool (Mscorcfg.msc) found under Administrative
>> >> >> > >> Tools.
>> >> >> > >>
>> >> >> > >> 3. The runtime version on the host computer is compatible with the
>> >> >> > >> runtime used to compile the assembly.
>> >> >> > >>
>> >> >> > >> 4. The code group created for the executable is in the same runtime that
>> >> >> > >> the executable uses.
>> >> >> > >>
>> >> >> > >> Hope this helps,
>> >> >> > >>
>> >> >> > >> Shel
>> >> >> > >>
>> >> >> > >> --
>> >> >> > >> This posting is provided "AS IS" with no warranties, and confers no rights.
>> >> >> > >> Use of included script samples are subject to the terms specified at
>> >> >> > >> http://www.microsoft.com/info/cpyright.htm
>> >> >> > >>
>> >> >> > >>
>> >> >> > >> "Dave Ferguson" <support@ignitelogic.com> wrote in message
>> >> >> > >> news:076601c2ddec$dd75cb20$3001280a@phx.gbl...
>> >> >> > >> > I have a C# application that uses the CommandLine
>> >> >> > >> > property to get the name of the program. This works fine
>> >> >> > >> > when running from the local hard disk.
>> >> >> > >> >
>> >> >> > >> > If I try to run the program from a network drive I get a
>> >> >> > >> > SecurityException. I am running with administrator
>> >> >> > >> > permissions and from Windows I can add/delete/create
>> >> >> > >> > files and directories.
>> >> >> > >> >
>> >> >> > >> > What do I need to do to allow the program to be able to
>> >> >> > >> > get the Environment.CommandLine value?
>> >> >> > >>
>> >> >> > >>
>> >> >> > >
>> >> >> > >
>> >> >> > >.
>> >> >> > >
>> >> >>
>> >> >>
>> >> >
>> >> >
>> >> >.
>> >> >
>> >
>> >
>> >.
>> >
>
>
>.
>
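
The thread asks whether the permission can be obtained programmatically; the sketch below is an added example, not code from any poster, showing that an assembly can only test for the grant and degrade gracefully, while the grant itself still has to come from policy (caspol or Mscorcfg.msc). It assumes a .NET Framework runtime of the thread's era with CAS policy enforced; the class and method names are hypothetical.

```csharp
using System;
using System.Security;
using System.Security.Permissions;

// Added illustration; CommandLineProbe and its members are hypothetical names.
public static class CommandLineProbe
{
    // Returns true when the callers on the stack have been granted read
    // access to the "Path" environment variable, which is the permission
    // the thread says Environment.CommandLine needs. Demand() only checks
    // the existing grant; it cannot add a permission that policy withheld.
    public static bool CanReadCommandLine()
    {
        try
        {
            new EnvironmentPermission(EnvironmentPermissionAccess.Read, "Path").Demand();
            return true;
        }
        catch (SecurityException)
        {
            // Typical for an unsigned or unlisted assembly started from a
            // share, which runs with the Local Intranet permission set.
            return false;
        }
    }

    // Returns the program name without throwing when the grant is missing.
    public static string GetProgramName()
    {
        if (CanReadCommandLine())
        {
            // Element 0 of the argument array is the executable name.
            return Environment.GetCommandLineArgs()[0];
        }
        // Assumption: AppDomain.FriendlyName needs no additional grant and,
        // for the default domain, is the name of the executable file.
        return AppDomain.CurrentDomain.FriendlyName;
    }

    public static void Main()
    {
        Console.WriteLine("Program name: " + GetProgramName());
        if (!CanReadCommandLine())
        {
            Console.WriteLine("Policy did not grant read access to 'Path'. " +
                "An administrator must add a code group for this assembly; " +
                "the code cannot elevate itself.");
        }
    }
}
```

Run from the local disk under default policy the first branch is taken; run from a mapped drive without a matching code group, the fallback path and the diagnostic message are used instead of an unhandled SecurityException.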


