LoadFrom() and probing paths

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

I observed some interesting behaviour during some testing of
Assembly.LoadFrom. I noticed that Assembly.LoadFrom (and
Activator.CreateInstanceFrom) seems to extend the probing directory list.
i.e. the private probe paths seem to include both AppDomain.ApplicationBase
and the directory specified in the LoadFrom call.

I would have expected it would be more secure to override ApplicationBase.

For example, given the following files:

APP\APP.exe
APP\Manager.dll
RULES\MgrUtil.dll
RULES\rule.dll

Where Manager.dll has a reference to MgrUtil.dll.

If I create an AppDomain whose ApplicationBase is RULES that uses
Assembly.LoadFrom("..\Manager.dll") the load works. I would have expected it
to only work if MgrUtil.dll was in APP, despite RULES being a subdirectory of
APP. Adding RULES to the probing list would be easy; I just didn't expect
the default behaviour to not require it.

Security/permissions and expansion of relative paths have not been shown.

Is this by design?
 
Hi Peter,
If I create an AppDomain whose ApplicationBase is
Assembly.LoadFrom("..\Manager.dll") the load works.
I would have expected it to only work if MgrUtil.dll was
in APP, despite RULES being a subdirectory of APP.
Click to expand...

Based on my understanding, you concern about the directory which specified
in the AppDomainSetup.ApplicationBase property should not be add it into
the probing paths, or it may need more security/permissions requirement on
it. Please let me know if I have misunderstood anything.

AFAIK, the directory specified in the AppDomainSetup.ApplicationBase
property would be the location where the assembly manager begins probing
for assemblies. I think such a probing path behavior is as expected.


Thanks!

Best regards,

Gary Chang
Microsoft Community Support
======================================================
PLEASE NOTE the newsgroup SECURE CODE and PASSWORD will be updated at 9:00
AM PST, February 14, 2006. Please complete a re-registration process by
entering the secure code mmpng06 when prompted. Once you have entered the
secure code mmpng06, you will be able to update your profile and access the
partner newsgroups.
======================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from this issue.
======================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
======================================================
 
You don't sound very certain.

--
http://www.peterRitchie.com/blog/


"Gary Chang[MSFT]" said:
Hi Peter,
If I create an AppDomain whose ApplicationBase is
Assembly.LoadFrom("..\Manager.dll") the load works.
I would have expected it to only work if MgrUtil.dll was
in APP, despite RULES being a subdirectory of APP.
Click to expand...

Based on my understanding, you concern about the directory which specified
in the AppDomainSetup.ApplicationBase property should not be add it into
the probing paths, or it may need more security/permissions requirement on
it. Please let me know if I have misunderstood anything.

AFAIK, the directory specified in the AppDomainSetup.ApplicationBase
property would be the location where the assembly manager begins probing
for assemblies. I think such a probing path behavior is as expected.


Thanks!

Best regards,

Gary Chang
Microsoft Community Support
======================================================
PLEASE NOTE the newsgroup SECURE CODE and PASSWORD will be updated at 9:00
AM PST, February 14, 2006. Please complete a re-registration process by
entering the secure code mmpng06 when prompted. Once you have entered the
secure code mmpng06, you will be able to update your profile and access the
partner newsgroups.
======================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from this issue.
======================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
======================================================
Click to expand...
 
Hi Peter,
You don't sound very certain.
Click to expand...

I am afraid that's my favorite tone.

Thanks for your understanding!

Best regards,

Gary Chang
Microsoft Community Support
======================================================
PLEASE NOTE the newsgroup SECURE CODE and PASSWORD will be updated at 9:00
AM PST, February 14, 2006. Please complete a re-registration process by
entering the secure code mmpng06 when prompted. Once you have entered the
secure code mmpng06, you will be able to update your profile and access the
partner newsgroups.
======================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from this issue.
======================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
======================================================
 
Back
Top