Re: Can an Assert issued following a Deny override it?

From: Novice (6tc1ATqlinkDOTqueensuDOTca)
Date: 08/24/04


Date: Tue, 24 Aug 2004 14:39:30 -0700

By the way - thank you for providing me with the answer... sometimes I'm in
such a hurry to communicate I don't take the time to thank people when they
give me the information I've been looking for.

Thanks again,
Novice

"Nicole Calinoiu" wrote:

> Permission to assert is granted via the Assertion flag on
> SecurityPermission. It can be denied via policy as you would any other
> permission/sub-permission (e.g.: caspol.exe, .NET Framework Configuration
> manager, policy deployment package).
>
> HTH,
> Nicole
>
>
> "Novice" <6tc1ATqlinkDOTqueensuDOTca> wrote in message
> news:A5D876B3-5AF5-4B84-943B-A6BF67C6E54E@microsoft.com...
> > I have tried this and it is the case, that a fully trusted assembly can use
> > an assert after a fully trusted assembly (higher up in the call stack) has
> > issued a Deny on a particular permission (like FileIO for example).
> >
> > However, I still don't know how to configure my security policy such that I
> > restrict the ability of an assembly to use the Assert method.
> >
> > Any suggestions???
> >
> > Thanks,
> > Novice
> >
> > "Novice" wrote:
> >
> >> Another poster wrote:
> >> ------------------
> >> Additionally, assuming I have FullTrust, and I write the .dll that doesn't
> >> have correct public key (so you try to block me from the file), all I have to
> >> do is do an Assert on that permission, and the Assert will be found in the
> >> callstack before your deny, allowing me access to the directory.
> >> ------------------
> >> Is it the case that you can override an existing Deny that my application has
> >> already specified?
> >>
> >> I.E. if I write an application and the first line of code I put is a "Deny"
> >> on File IO to the C drive and then I invoke code (exp a method) in your
> >> assembly - you can subsequently write an Assert that will override the Deny
> >> that has already been processed (and yes this assumes your assembly has full
> >> trust)?
> >>
> >> Thanks,
> >> Novice
> >>
> >> PS If the above is true - what permission in .Net would stop someone from
> >> being able to override a previously issued Deny?
>
>
>
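The behaviour discussed in this thread, as an added example that is not code from any poster or from the CLR: a simplified Python model of a code access security stack walk, showing why an Assert in a callee frame is reached before a Deny placed by its caller, and how a grant set without the Assertion flag blocks the Assert itself. The names `Frame`, `demand` and `run` and the permission labels are hypothetical.

```python
class SecurityException(Exception):
    pass

ASSERTION = "SecurityPermission.Assertion"  # the flag named in Nicole's reply
FILE_IO_C = "FileIOPermission:C"            # constructed label for file IO on C:

class Frame:
    """One call-stack frame: the assembly's policy grant set plus stack modifiers."""
    def __init__(self, name, grant):
        self.name, self.grant = name, set(grant)
        self.denied, self.asserted = set(), set()

    def deny(self, perm):
        self.denied.add(perm)

    def assert_(self, perm):
        # Assert is checked against the asserting assembly's own grant set,
        # so policy can withhold it regardless of what callers did on the stack.
        if ASSERTION not in self.grant:
            raise SecurityException(f"{self.name}: not granted {ASSERTION}")
        self.asserted.add(perm)

def demand(stack, perm):
    """Walk from the most recent frame toward the outermost caller."""
    for frame in reversed(stack):
        if perm not in frame.grant:
            raise SecurityException(f"{frame.name}: {perm} not granted")
        if perm in frame.denied:
            raise SecurityException(f"{frame.name}: {perm} denied")
        if perm in frame.asserted:
            return frame.name  # walk stops here; earlier callers are never examined
    return None  # reached the top of the stack with no objection

def run(callee_grant, callee_asserts):
    """App denies FILE_IO_C, then calls a library frame that may Assert it."""
    app = Frame("App", {FILE_IO_C, ASSERTION})
    lib = Frame("Library", callee_grant)
    app.deny(FILE_IO_C)
    stack = [app, lib]  # outermost caller first
    try:
        if callee_asserts:
            lib.assert_(FILE_IO_C)
        demand(stack, FILE_IO_C)
        return "allowed"
    except SecurityException as exc:
        return f"blocked ({exc})"
```

In the model, the caller's Deny only holds when the callee either does not Assert or runs under a grant set that lacks the Assertion flag.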