Re: Refusing all permissions

From: Keith Patrick (kpatrick_at_nospam.houston.rr.com)
Date: 07/10/03


Date: Wed, 9 Jul 2003 19:50:23 -0500


Basically, what I am trying to do is to write a very layered set of class
libraries which has extremely tight security (the libraries should refuse
all permissions normally, but I want to go in and turn on any that
higher-level libraries would need)... basically say, "CLR, deny me all rights
first. Ok, now that we have a clean slate, grant me Execution permission
and FileIO permission, since that is all I need". I'm not sure about my
policy. It *should* be in the default state. This machine was built 2
weeks ago with a very restricted set of applications installed + I did no
.Net configuration other than any that VS.Net2003 may do.
I think what would be really nice is to try it where it throws the
exception, and see what permissions it is getting. Then, run it without to
see what permissions it is given. If I can see a diff of permissions, I
could see what I'm missing.

BTW: Why does SecurityPermission have properties like Execution rather than
there be an ExecutionPermissionAttribute? I was a bit thrown off with
things like FileIOPermission and ServiceControllerPermission existing as
their own attributes, but others, like Execution and Assertion are
properties of SecurityPermission. It seems that they're all related to
security, so I'm not seeing what determines whether or not an activity
warrants its own attribute.

"Eugene V. Bobukh [MS]" <eugenebo@online.microsoft.com> wrote in message
news:%23jg6JakRDHA.1804@TK2MSFTNGP11.phx.gbl...
Keith,

Sorry, but I've lost the goal of all this. What are you trying to achieve?
Maybe we are just talking about different things.

However, here are some notes on your previous message, maybe they will help.

1. Upon load time, assembly is being granted some set of permissions
depending on its Zone, Url, StrongName, etc. This grant is calculated
through the Runtime Security Policy that is stored on the machine in the
config file. .NET Framework Configuration tool is responsible for
displaying/editing this policy. It does not, and is not supposed to know
anything about declarative requests in the assembly.

2. Assembly declarative requests could be used for either one of the
following purposes:

    2.1. Reduce the grant that assembly would receive -- by using
RequestRefuse.
    2.2. Verify that assembly will get no less than some permissions level
through RequestMinimum. If the granted set is less than minimum requested,
assembly will not even start, failing with the SecurityException -- just
what you are seeing here, I guess. It's quite interesting though why this
exception is observed, 'cause running from LocalComputer should grant the
assembly FullTrust [at least, it works like this for me]. Is your policy not
in a default state, probably?
    Another reason for failure may be that because of requests you've made,
your assembly does not have FullTrust granted [see below]; maybe some method
you are calling requires it.
    2.3. Make sure that it will not get more by using RequestOptional.

I suggest looking into MSDN on this topic.

3. The command line tool that can display assembly requests is called
permview.exe.

4. "Everything" permission set is not equal to "FullTrust" set. Moreover,
even enumerating ALL existing permissions and putting them together will
create a set that has less trust than FullTrust [what is
PermissionSet(Unrestricted)]. The reason for this is [potential] existence
of Custom Permissions, potential effect of some internal or Identity
Permissions as well.

5. PermissionSetAttribute without a file name could represent either empty
permission state [Unrestricted = false], or Unrestricted state [Unrestricted
= true], that's all.

-- 
Eugene V. Bobukh
This message is provided "AS IS" with no warranties, and confers no rights.
Any opinions or policies stated within it are my own and do not necessarily
constitute those of my employer.
----
"Keith Patrick" <kpatrick@nospam.houston.rr.com> wrote in message
news:OrSKl6bRDHA.1868@TK2MSFTNGP11.phx.gbl...
> OK, I tried various things (keep in mind this is a Windows service),
> ultimately coming up with the following list that I *thought* was more or
> less a master list, granting all possible permissions I would need without
> using PermissionSet to grant all.  However, the following set of attributes,
> which includes the ones you mentioned, does not work (Security Exception as
> soon as I start it):
>
> [assembly:System.ServiceProcess.ServiceControllerPermission(SecurityAction.RequestMinimum, Unrestricted=true)]
>
> [assembly:PermissionSetAttribute(SecurityAction.RequestOptional, Unrestricted = false)]
>
> [assembly:SecurityPermission(SecurityAction.RequestMinimum,Assertion=true),
> SecurityPermission(SecurityAction.RequestMinimum,ControlAppDomain=true),
> SecurityPermission(SecurityAction.RequestMinimum,ControlDomainPolicy=true),
> SecurityPermission(SecurityAction.RequestMinimum,ControlEvidence=true),
> SecurityPermission(SecurityAction.RequestMinimum,ControlPolicy=true),
> SecurityPermission(SecurityAction.RequestMinimum,ControlPrincipal=true),
> SecurityPermission(SecurityAction.RequestMinimum,ControlThread=true),
> SecurityPermission(SecurityAction.RequestMinimum,Execution=true),
> SecurityPermission(SecurityAction.RequestMinimum,Infrastructure=true),
> SecurityPermission(SecurityAction.RequestMinimum,RemotingConfiguration=true),
> SecurityPermission(SecurityAction.RequestMinimum,SerializationFormatter=true),
> SecurityPermission(SecurityAction.RequestMinimum,SkipVerification=true),
> SecurityPermission(SecurityAction.RequestMinimum,UnmanagedCode=true),
> SecurityPermission(SecurityAction.RequestMinimum,Unrestricted=true)]
>
> [assembly:System.Diagnostics.EventLogPermissionAttribute(SecurityAction.RequestMinimum, Unrestricted=true)]
>
> [assembly:System.Diagnostics.PerformanceCounterPermissionAttribute(SecurityAction.RequestMinimum, Unrestricted=true)]
>
> [assembly:System.Drawing.Printing.PrintingPermissionAttribute(SecurityAction.RequestMinimum, Unrestricted=true)]
>
> [assembly:System.Net.DnsPermissionAttribute(SecurityAction.RequestMinimum, Unrestricted=true)]
>
> [assembly:System.Net.SocketPermissionAttribute(SecurityAction.RequestMinimum, Unrestricted=true)]
>
> [assembly:System.Net.WebPermissionAttribute(SecurityAction.RequestMinimum, Unrestricted=true)]
>
> [assembly:System.ServiceProcess.ServiceControllerPermissionAttribute(SecurityAction.RequestMinimum, Unrestricted=true)]
>
> [assembly:System.Web.AspNetHostingPermissionAttribute(SecurityAction.RequestMinimum, Unrestricted=true)]
>
> [assembly:EnvironmentPermissionAttribute(SecurityAction.RequestMinimum, Unrestricted=true)]
>
> [assembly:FileDialogPermissionAttribute(SecurityAction.RequestMinimum, Unrestricted=true)]
>
> [assembly:FileIOPermission(SecurityAction.RequestMinimum, Unrestricted=true)]
>
> [assembly:IsolatedStorageFilePermissionAttribute(SecurityAction.RequestMinimum, Unrestricted=true)]
>
> [assembly:ReflectionPermission(SecurityAction.RequestMinimum, Unrestricted=true)]
>
> [assembly:RegistryPermission(SecurityAction.RequestMinimum, Unrestricted=true)]
>
> [assembly:SecurityPermissionAttribute(SecurityAction.RequestMinimum, Unrestricted=true)]
>
> [assembly:UIPermissionAttribute(SecurityAction.RequestMinimum, Unrestricted=true)]
>
>
> Is there some tool out there I can use to see what permission is lacking?
> The .Net Framework policy tool doesn't tell me much (hell, it doesn't even
> accurately reflect what attributes I put in), and I can't check the
> exception in the watch because it happens too early (I don't even have a
> call stack).  What would be nice is to run a .Net app like a Java app
> whereby I can pass the CLR a flag asking for verbose logging.
>
>
> "Eugene V. Bobukh [MS]" <eugenebo@online.microsoft.com> wrote in message
> news:OHNpoKLRDHA.2424@tk2msftngp13.phx.gbl...
> Well, I guess in order to run assembly requires at least one permission,
> that is permission to execute. So what you probably need is the following:
>
> [assembly: SecurityPermissionAttribute(SecurityAction.RequestMinimum,
> Execution = true)]
> [assembly:PermissionSetAttribute(SecurityAction.RequestOptional,
> Unrestricted = false)] // Note that it is FALSE here
>
> Also, depending on the version of the Runtime, it may happen that the single
> attribute you used below could be just ignored, there were couple of
> weirdnesses in declarative attributes handling for such corner cases [I
> believe they are fixed now].
>
> If you truly need to refuse even execution for some reason, replace the
> first line with this:
>
> [assembly:PermissionSetAttribute(SecurityAction.RequestMinimum, Unrestricted = false)]
>
> -- 
>
> Eugene V. Bobukh
>
> This message is provided "AS IS" with no warranties, and confers no rights.
> Any opinions or policies stated within it are my own and do not necessarily
> constitute those of my employer.
>
> ----
>
> "Keith Patrick" <richard_keith_patrick@hotmail.com> wrote in message
> news:eb4swWJRDHA.2480@tk2msftngp13.phx.gbl...
> > Does anyone know how to "properly" declare that an assembly requires no
> > permissions whatsoever to run?  What I want to do is have my base library do
> > this, and then consumers of the library do the same, but selectively and
> > explicitly activate the permissions it needs.  What I had been doing is
> > this:
> > [assembly:PermissionSet(SecurityAction.RequestOptional, Unrestricted=false)]
> >
> > However, when I manually follow it with various attributes where I say
> > RequestMinimum/Unrestricted=true, my Windows service still will not run, and
> > I've requested every permission I can find.  The only thing that allows my
> > service to run is following the aforementioned code with:
> >
> > [assembly:PermissionSet(SecurityAction.RequestOptional, Unrestricted=true)]
> >
> >
>
>
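
Added example, not part of the thread and not Microsoft's code: one way to get the permission "diff" asked about at the top of this message, by resolving policy for constructed evidence and comparing it with a minimum request. It assumes a .NET Framework runtime with CAS policy active, as in the thread; the class name, the evidence URL and the three sample minimum permissions are placeholders.

```csharp
using System;
using System.Security;
using System.Security.Permissions;
using System.Security.Policy;

class GrantDiff
{
    static void Main()
    {
        // Constructed evidence for an assembly started from the local disk
        // (placeholder path, not taken from the thread).
        Evidence evidence = new Evidence();
        evidence.AddHost(new Zone(SecurityZone.MyComputer));
        evidence.AddHost(new Url("file:///C:/example/MyService.exe"));

        // What the Runtime Security Policy grants before any declarative request.
        PermissionSet policyGrant = SecurityManager.ResolvePolicy(evidence);
        Console.WriteLine("Policy grant is FullTrust: " + policyGrant.IsUnrestricted());

        // Stand-in for the assembly's RequestMinimum attributes (sample subset).
        PermissionSet minimum = new PermissionSet(PermissionState.None);
        minimum.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));
        minimum.AddPermission(new FileIOPermission(PermissionState.Unrestricted));
        minimum.AddPermission(new RegistryPermission(PermissionState.Unrestricted));

        // The diff: each minimum request that the policy grant does not cover.
        foreach (IPermission requested in minimum)
        {
            PermissionSet single = new PermissionSet(PermissionState.None);
            single.AddPermission(requested);
            if (!single.IsSubsetOf(policyGrant))
                Console.WriteLine("Not granted by policy: " + requested);
        }

        // RequestOptional with Unrestricted=false is an empty optional set;
        // nothing is refused in this sample.
        PermissionSet optional = new PermissionSet(PermissionState.None);
        PermissionSet refused = new PermissionSet(PermissionState.None);
        PermissionSet denied;
        try
        {
            PermissionSet grant = SecurityManager.ResolvePolicy(
                evidence, minimum, optional, refused, out denied);
            Console.WriteLine("Final grant: " + grant);
        }
        catch (PolicyException e) // policy cannot satisfy the minimum request
        {
            Console.WriteLine("Minimum request not satisfiable: " + e.Message);
        }
    }
}
```

With an empty optional set the final grant is limited to what the minimum set requests, so a method that demands FullTrust will still fail even when policy itself grants FullTrust.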

