Re: Stack walk
From: Shawn Farkas [MS] (shawnfa_at_online.microsoft.com)
Date: Thu, 29 May 2003 10:31:39 -0700
1) You are correct ... without a stack walk, then any code that, for
instance, wanted to read a file could, since the System.IO classes wouldn't
know the trust level of their callers. (This assumes the NTFS permissions
are set such that the code had permissions to read the file.)
2) Assert is extremely dangerous. It is useful to get at a privileged
operation that you need to perform your work, and you know that your code
can never be tricked into calling the privileged code by a malicious
assembly. For instance, if you write a graphing control, and you write out
the color of the graph to draw to a text file, you might assert
FileIOPermission to read that text file, so that you can get at your data.
If you were positive that there was no way for anyone using your control to
trick you into reading another file and somehow accessing this data, then
this would be a good use of Assert. When you use Assert, it is generally a
good idea to do a RevertAssert as soon as you don't need to disable the
checking for the permissions you Asserted.
"Doman Maciejko" <email@example.com> wrote in message
>I have two questions.
> The level of trust to a unique assembly is defined in the permission set.
> The permission set is therefore of high importance. The system then uses
> permisson set when the stack walk matches the level of trust of a certain
> caller to the protected operation which is called.
> Now I wonder. Could you say that the stack walk is crucial, without the
> stack walk no security actions could be applied?
> The stack walk can be turned off (assert). Could you say that you to some
> part get unsecure and should be extra carefull?