code access security, local application

From: Wiktor Zychla (ieUser_at_microsoft.com.no.spam)
Date: 05/06/03

Next message: kcronin: "Urgent - XML Signature Interop"
Previous message: Fritz Mack: "Urgent problem with GetProcesses"
Next in thread: Michel Gallant \(MVP\): "Re: code access security, local application"
Reply: Michel Gallant \(MVP\): "Re: code access security, local application"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Tue, 6 May 2003 11:46:48 +0200

[also posted to donet.framework]

Hi there,

I've read several docs about .net security. I am interested in code
access security. I've experimented with .NET framework Configuration tool.

However, there's one thing I do not understand (or I do not know how to
do). Suppose I get an application from someone, I put it in C:\000 but I do
not trust this application. I would like to "sandbox" it, i.e. give it only
a fixed set of permissions.

So, I bring .NET Framework Configuration tool, I add new code group
under "Machine/All Code", I associate the group with new permission set and
I set the membership condition to Application Directory (is it ok?). I call
my new code group "XYZ".

Then I wish the application, C:\000\myApplication.exe, to be in the group
XYZ to force my custom permission set. But I do not know how to do this! I
have no idea how to add particular application, located on my hard disk, to
my own code group with my own permissions.

Is it possible? Do I miss something? I suppose this should be possible
but at the moment I have no idea how to do it. Remember that my primary goal
is to "sanbox" a local application, i.e. define my own permission set and
run my application against the set. Maybe there are other ways to accomplish
this goal.

Big thanks for help,

Regards
Wiktor Zychla

Next message: kcronin: "Urgent - XML Signature Interop"
Previous message: Fritz Mack: "Urgent problem with GetProcesses"
Next in thread: Michel Gallant \(MVP\): "Re: code access security, local application"
Reply: Michel Gallant \(MVP\): "Re: code access security, local application"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Code access security policy doubts.
... >were I need to set the code group policy. ... Right-click the Everything permission set and select ... Rename the permission set No FileDialog. ... >Exception thrown by the CLR. ...
(microsoft.public.dotnet.security)
Code access security policy doubts.
... were I need to set the code group policy. ... Expand the Runtime Security Policy node, ... Right-click the Everything permission set and select ... Select the No FileDialog permission set and click Next. ...
(microsoft.public.dotnet.security)
Re: CAS Policy issue
... Any given code group can be marked as exclusive ... the managed user control always runs. ... The default permission set for this code group is ... If you're trying to troubleshoot CAS permission problems, ...
(microsoft.public.dotnet.security)
Re: CAS Policy issue
... the managed user control always runs. ... The default permission set for this code group is Nothing. ... If you're trying to troubleshoot CAS permission problems, I'd recommend resetting your CAS policy. ... One easy way to test this would be to assign the FullTrust permission set to your URL-based code group. ...
(microsoft.public.dotnet.security)
RE: Article : Code Access Security Part - 2 (.Net FrameWork Tools Seri
... > Before we start with our sample app we need to view the security ... > local mahinc policy MyComputer Zone has Full trust permission set. ... > that we will need to change the Intranet Permission set. ... > To create a code group under intranet with fulltrust to a particular share ...
(microsoft.public.dotnet.framework.windowsforms.databinding)