How to evaluate required permissions?


Larry Serflaten

I just put a simple exe out on the internet and tried to run it.
All it does is manipulate its own images and respond to its own
controls, but the darn thing needed FULL TRUST to run properly!

Does VS.NET have some sort of method to spit out warnings when
stepping outside of the trust boundaries?

The trace on the security screen pointed to a few routines, but I
don't know what in the routine was causing problems. Is there
a way I can debug these permission problems on my own system,
before deploying to the internet?

Links and advice will be greatly appreciated....

LFS
 
The issue is that some code requests a set of permissions (Code Access
Permissions). For example, any file IO will request FileIOPermission, etc.
If the current context isn't running with the given permission, the runtime
will toss an exception. There are a few ways you can tag a method to request
a specific permission, and the framework is littered with these. Here's a
link that might help you get started:
http://msdn.microsoft.com/library/en-us/cpguide/html/cpconcodeaccesssecurity.asp

Here's another article that I use often when dealing with smart clients and
security issues:
http://msdn.microsoft.com/msdnmag/issues/02/07/NetSmartClients/default.aspx

In VS 2005, there are two things that should help:
1) a feature to debug with a given set of permissions (as opposed to full
trust)
2) a feature that calculates the CAS permissions your app requires (under
the Click-Once options). The calculator will even build a custom permission
set for you if you choose.

For now, you'll have to search the web for this kind of stuff in VS 2003
(user samples and add-ins). There's a sample on GotDotNet that when you run
it, allows you to pick which permissions you want to use, then run another .NET
exe with those permissions only:
http://www.gotdotnet.com/Community/...mpleGuid=d82da9ee-bcde-4d1e-a918-249eb9bc3898

You might be able to locate a CAS/Permissionset calculator for VS 2003 out
there too. The permissions are imbedded in the IL, if you are really
adventurous :-)

-Rob Teixeira [MVP]
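
The technique described in the answer above (run another .NET exe under a restricted permission set instead of full trust and see which demand fails), as an added example that is not from the thread or the GotDotNet sample. It assumes .NET Framework 4.x, where `SecurityManager.GetStandardSandbox` exists (it does not in the VS 2003 runtime); `SandboxRunner` is a hypothetical name.

```csharp
using System;
using System.IO;
using System.Security;
using System.Security.Permissions;
using System.Security.Policy;

// Hypothetical host (added example): runs a local .exe with the grant set the
// runtime associates with the Internet zone and reports the first failed demand.
static class SandboxRunner
{
    [STAThread] // the target's entry point runs on this thread; WinForms needs STA
    static int Main(string[] args)
    {
        if (args.Length != 1)
        {
            Console.Error.WriteLine("usage: SandboxRunner <path-to-exe>");
            return 2;
        }
        string exe = Path.GetFullPath(args[0]);
        string appDir = Path.GetDirectoryName(exe);

        // Grant set for code whose only evidence is "came from the Internet zone".
        var evidence = new Evidence();
        evidence.AddHostEvidence(new Zone(SecurityZone.Internet));
        PermissionSet grant = SecurityManager.GetStandardSandbox(evidence);

        // Assumption: the app must at least read its own directory to load.
        // This widens the sandbox slightly compared with a real HTTP launch.
        grant.AddPermission(new FileIOPermission(
            FileIOPermissionAccess.Read | FileIOPermissionAccess.PathDiscovery, appDir));

        var setup = new AppDomainSetup { ApplicationBase = appDir };
        AppDomain sandbox = AppDomain.CreateDomain("InternetSandbox", null, setup, grant);
        try
        {
            return sandbox.ExecuteAssembly(exe);
        }
        catch (SecurityException ex)
        {
            // Names the permission type and the demand that the grant set lacked.
            Console.Error.WriteLine("Denied permission type: {0}", ex.PermissionType);
            Console.Error.WriteLine("Demanded: {0}", ex.Demanded);
            Console.Error.WriteLine(ex.StackTrace);
            return 1;
        }
        finally
        {
            AppDomain.Unload(sandbox);
        }
    }
}
```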
 
Great answer Rob!

I especially liked reading these:
> In VS 2005, there are two things that should help:
> 1) a feature to debug with a given set of permissions (as opposed to full
> trust)
> 2) a feature that calculates the CAS permissions your app requires (under
> the Click-Once options). The calculator will even build a custom permission
> set for you if you choose.

There is just no way a 'hobbyist' can expect users far and wide to muck
around with CAS (configurations). I think for now, the better approach
may be to have them install a 'shell' that checks back with the site for
available 'modules', where the modules are themselves the WinForm
applications that won't run on medium or low trust. With the shell running
in full trust, will it be able to launch full trust modules? Hopefully your
links will spell it out....

I was surprised because, as I said, my app did nothing but manipulate its
own images, and respond to its own controls. It seems like the sandbox
is turning out to be not much bigger than a small potted plant!

Thanks!
LFS
 
Glad to be of help!

Larry Serflaten said:
> Great answer Rob!
>
> I especially liked reading these:
> [snip cool whidbey toys]
>
> There is just no way a 'hobbyist' can expect users far and wide to muck
> around with CAS (configurations).

LOL, to be quite honest, I know a lot of *advanced programmers* that have a
hell of a time understanding the nuances of CAS! :-)
No-touch is great as a concept, but there's tons of room for improvement
from the tools side of things. I was really happy the VB team took a good
long look at this and developed all the neat Click-once stuff. There's
really no reason for this stuff to *have* to be complex, but it just had
very few tools to help you along until now.

> I think for now, the better approach
> may be to have them install a 'shell' that checks back with the site for
> available 'modules', where the modules are themselves the WinForm
> applications that won't run on medium or low trust.

That's precisely what we're doing right now, though I have other reasons
than CAS that brought me to this conclusion.
You might want to take a look at the MS Updater Application Block. If you go
this route, it should help you grok some of the issues.
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnbda/html/updater.asp

> With the shell running
> in full trust, will it be able to launch full trust modules? Hopefully your
> links will spell it out....

Depends how you launch it. Right now, the default client CAS system spells
out a few permission sets, and assigns these permission sets by zone or
assembly. The zones are just like IE zones - local zone, internet zone, etc.
Obviously, internet zone (which is detected by launching from an HTTP url),
gives you the least permissions. You can override the default zone
permissions and create your own, or you can give apps with a specific
identity special permissions on the client. IOW, on the client machine, you
can say "give full trust (or some special set of permissions) to all apps
that come from this URL", or "give full trust to all apps signed with this
key pair".
However, if you download all the bits and pieces from the network, but have
the shell subsequently launch the app from the local drive after the
download (instead of launching it from a URL), then the app will run with
local permissions (which by default is full trust).

> I was surprised because, as I said, my app did nothing but manipulate its
> own images, and respond to its own controls. It seems like the sandbox
> is turning out to be not much bigger than a small potted plant!

Depends. There are a ton of permissions (well, I exaggerate, but there are
many). Using unmanaged code or interop, or network calls could do it too.
But I don't really blame MS. When it comes to security, better to err on the
side of caution or risk a security disaster (and we all know MS is a big
target for that).

> Thanks!
> LFS

You're welcome,

-Rob Teixeira [MVP]
 