Re: CAS Permission Sets
From: Nicole Calinoiu (calinoiu)
Date: Fri, 12 Aug 2005 07:20:27 -0400
"Jeppe Dige Jespersen" <jdj_@_jdj.dk> wrote in message
> Can someone clarify the difference between the FullTrust and the
> Everything permission sets?
The biggest difference is that FullTrust isn't really set of defined
permissions. Instead, it's essentially a marker that the assembly should
pass any permission demand. On the other hand, Everything is a normal
permission set that defines a list of permissions that happens to contain
essentially all of permissions included in the core .NET Framework, with the
exception of SecurityPermission\SkipVerification. Any additional
permissions that might happen to be installed on the machine (say, a custom
permission that you might create) will not be included in the Everthing
> I know that a FullTrust assembly will not undergo permission checking,
This is not correct. Assemblies with a FullTrust grant are subjected to
permission checking. They simply pass any permission demand (with the
exception of demands for identity permissions in the v. 1.x framework).
> but why give an assembly Everything permissions, when you could omit
> checking altogether with the FullTrust set?
You can't bypass permission verification by granting FullTrust, so this
isn't a good reason for a FullTrust grant. There are, however, several
potentially valid reasons for choosing an Everything grant over a FullTrust
1. You don't want to grant the assembly
2. You don't want to automatically grant the assembly potentially unknown
custom permissions that might have been installed by other software.
3. You don't want the assembly to pass demands for FullTrust (including the
LinkDemands generated when attempting to call into a strongly named
assembly not marked by AllowPartiallyTrustedCallersAttribute).
That said, there are several "dangerous" permissions included in the
Everything set that you might also want to deny to assemblies that meet any
of these criteria. However, as a built-in permission set, Everything is not
modifiable. Therefore, in practice, one might prefer to assign a custom
permission set that includes a few less permissions than Everything.
> Jeppe D. Jespersen