Re: Can an Assert issued following a Deny override it?

From: Novice (6tc1ATqlinkDOTqueensuDOTca)
Date: 08/24/04


Date: Tue, 24 Aug 2004 14:21:03 -0700

Actually I know of those tools:
caspol and
mscorcfg.msc

But what I would like to know is how to specifically restrict an assembly's
ability to use the Assert method.

I have used the above tools to do some basic security configuration things -
but I don't know how to specifically restrict an assembly's ability to use
the Assert method.

Thanks,
Novice

"Nicole Calinoiu" wrote:

> Permission to assert is granted via the Assertion flag on
> SecurityPermission. It can be denied via policy as you would any other
> permission/sub-permission (e.g.: caspol.exe, .NET Framework Configuration
> manager, policy deployment package).
>
> HTH,
> Nicole
>
>
> "Novice" <6tc1ATqlinkDOTqueensuDOTca> wrote in message
> news:A5D876B3-5AF5-4B84-943B-A6BF67C6E54E@microsoft.com...
> >I have tried this and it is the case, that a fully trusted assembly can use
> > an assert after a fully trusted assembly (higher up in the call stack) has
> > issued a Deny on a particular permission (like FileIO for example).
> >
> > However, I still don't know how to configure my security policy such that I
> > restrict the ability of an assembly to use the Assert method.
> >
> > Any suggestions???
> >
> > Thanks,
> > Novice
> >
> > "Novice" wrote:
> >
> >> Another poster wrote:
> >> ------------------
> >> Additionally, assuming I have FullTrust, and I write the .dll that doesn't
> >> have correct public key (so you try to block me from the file), all I have to
> >> do is do an Assert on that permission, and the Assert will be found in the
> >> callstack before your deny, allowing me access to the directory.
> >> ------------------
> >> Is it the case that you can override an existing Deny that my application has
> >> already specified?
> >>
> >> I.E. if I write an application and the first line of code I put is a "Deny"
> >> on File IO to the C drive and then I invoke code (exp a method) in your
> >> assembly - you can subsequently write an Assert that will override the Deny
> >> that has already been processed (and yes this assumes your assembly has full
> >> trust)?
> >>
> >> Thanks,
> >> Novice
> >>
> >> PS If the above is true - what permission in .Net would stop someone from
> >> being able to override a previously issued Deny?
>
>
>
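
An added example, not part of the original thread: one way to build the permission set that the quoted reply describes, a grant that lets code run but leaves out the Assertion flag of SecurityPermission, and to export it for caspol. The set name `NoAssert`, the file `NoAssert.xml` and the assembly `Untrusted.dll` are hypothetical, and the sketch assumes the .NET Framework with CAS policy in effect.

```csharp
using System;
using System.IO;
using System.Security;
using System.Security.Permissions;

public static class NoAssertPermissionSet
{
    // Named permission set that allows execution but withholds
    // SecurityPermissionFlag.Assertion. The name "NoAssert" is hypothetical.
    public static NamedPermissionSet Build()
    {
        NamedPermissionSet set = new NamedPermissionSet("NoAssert", PermissionState.None);
        set.Description = "Execution only; no right to call Assert";
        set.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));
        return set;
    }

    // True if an assembly granted 'set' would hold the Assertion flag,
    // i.e. would be allowed to call Assert() on a permission.
    public static bool AllowsAssert(PermissionSet set)
    {
        PermissionSet needed = new PermissionSet(PermissionState.None);
        needed.AddPermission(new SecurityPermission(SecurityPermissionFlag.Assertion));
        return needed.IsSubsetOf(set);
    }

    public static void Main()
    {
        NamedPermissionSet restricted = Build();
        // FullTrust is an unrestricted set, so it always includes Assertion;
        // the target assembly must therefore not resolve to FullTrust.
        PermissionSet fullTrust = new PermissionSet(PermissionState.Unrestricted);

        Console.WriteLine("NoAssert allows Assert:  " + AllowsAssert(restricted));
        Console.WriteLine("FullTrust allows Assert: " + AllowsAssert(fullTrust));

        // Serialize with the running runtime's own type names so caspol can import it.
        File.WriteAllText("NoAssert.xml", restricted.ToXml().ToString());

        // Import the set and bind it to the assembly's strong name at machine level.
        // -exclusive on makes this group's set the only grant from this policy level:
        //   caspol -machine -addpset NoAssert.xml
        //   caspol -machine -addgroup All_Code -strong -file Untrusted.dll -noname -noversion NoAssert -exclusive on
    }
}
```

Any other permissions the assembly legitimately needs (for example FileIOPermission for specific paths) are added to the same set; as long as the resolved grant does not include the Assertion flag, a call to Assert in that assembly fails with a SecurityException.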


