Re: Is it secure to not refuse permissions in a non-referenced assembly?
From: Eugene V. Bobukh [MS] (eugenebo_at_online.microsoft.com)
Date: 09/12/03
- Next message: Pieter Philippaerts: "Re: rsa encrypt/decrypt"
- Previous message: Shel Blauman [MSFT]: "Re: Is it secure to not refuse permissions in a non-referenced assembly?"
- In reply to: Keith Patrick: "Is it secure to not refuse permissions in a non-referenced assembly?"
- Next in thread: Joe Kaplan \(MVP - ADSI\): "Re: Is it secure to not refuse permissions in a non-referenced assembly?"
- Reply: Joe Kaplan \(MVP - ADSI\): "Re: Is it secure to not refuse permissions in a non-referenced assembly?"
- Reply: Keith Patrick: "Re: Is it secure to not refuse permissions in a non-referenced assembly?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 11 Sep 2003 15:30:59 -0700
Keith,
You don't necessarily need to refuse explicitily all unneeded permissions. Instead, proper combination of RequestMinimum and RequestOptional allows you to "refuse" all non-identity permissions you don't need, ever -- even if you've never heard of them.
The key idea is to realize that
a) If you don't have any RequestOptional lines in your assembly, it MAY be granted some permissions you don't know about.
b) If you add RequestOptional reference, you explicitly specify that you don't want ANY permissions except those listed in your requests.
So if you want, for example, to have Execution, Safe Printing and Unrestricted UI, you do this:
[assembly:SecurityPermissionAttribute(SecurityAction.RequestMinimum, Execution = true)]
[assembly:PrinitingPermissionAttribute(SecurityAction.RequestMinimum, Level = PrintingPermissionLevel.SafePrinting)]
[assembly:UIPermissionAttribute(SecurityAction.RequestMinimum, Unrestricted = true)]
[assembly:PermissionSetAttribute(SecurityAction.RequestOptional, Unrestricted = false)] // This means "the onely option of granting anything else for me is empty set"
As per assembly loads: yes, in v1.x you can load an assembly, provide new evidence for it and thus grant it probably higher trust then your original code that does it. However, in order to perfrom this you need SecurityPermsision.ControlEvidence that's already considered very powerful permission normally granted to local computer only.
-- Eugene V. Bobukh This message is provided "AS IS" with no warranties, and confers no rights. Any opinions or policies stated within it are my own and do not necessarily constitute those of my employer. ---- "Keith Patrick" <richard_keith_patrick@hotmail.com> wrote in message news:%234Kz0rJeDHA.3024@tk2msftngp13.phx.gbl... > If I want to refuse all unnecessary permissions, should I add references to > those permissions that aren't even referenced in my project? I know the > idea is to be able to permview an assembly and know that it can't, for > instance, query a database, but if I do not reference the assembly that > would allow that, I would think that I can prove that my app doesn't query a > DB just by looking at its referenced assemblies. On the other hand, I > realize that I could conceivably load the assembly dynamically and invoke a > method call that way. But if that is true, then I would have to add > references to several assemblies I don't use just to refuse all 19 built-in > permissions. > >
- Next message: Pieter Philippaerts: "Re: rsa encrypt/decrypt"
- Previous message: Shel Blauman [MSFT]: "Re: Is it secure to not refuse permissions in a non-referenced assembly?"
- In reply to: Keith Patrick: "Is it secure to not refuse permissions in a non-referenced assembly?"
- Next in thread: Joe Kaplan \(MVP - ADSI\): "Re: Is it secure to not refuse permissions in a non-referenced assembly?"
- Reply: Joe Kaplan \(MVP - ADSI\): "Re: Is it secure to not refuse permissions in a non-referenced assembly?"
- Reply: Keith Patrick: "Re: Is it secure to not refuse permissions in a non-referenced assembly?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
