.NET code security: FullTrust vs. Everything

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

I have made a strong named code group for our application and granted it "FullTrust". The application can now be startet from a server mounted drive

When, however, I grant "Everything" the application throws a security exception

When I define a set of permissions including all predefined permission sets (all configured as "Unrestricted") the same thing happens: a Security exception is thrown

Can anybody tell me why it is not possible to build a full trust code group out of single permissions??

What does FullTrust have that cannot be added to Everything??

Tanx for your help
Hans
 
Full trust isn't exactly the same thing as Everything, or all permissions.
If i remember correctly, Full Trust means the assembly runs without checking
permissions at all. There's a good MSDN article on permission sets, but i
don't have the URL handy.

-Rob Teixeira [MVP]

Hans said:
I have made a strong named code group for our application and granted it
"FullTrust". The application can now be startet from a server mounted drive.
When, however, I grant "Everything" the application throws a security exception.

When I define a set of permissions including all predefined permission
sets (all configured as "Unrestricted") the same thing happens: a Security
exception is thrown.
Can anybody tell me why it is not possible to build a full trust code
group out of single permissions???
 
Hans said:
I have made a strong named code group for our application and granted it "FullTrust". The application can now be startet from a server mounted drive.

When, however, I grant "Everything" the application throws a security exception.

When I define a set of permissions including all predefined permission sets (all configured as "Unrestricted") the same thing happens: a Security exception is thrown.

Can anybody tell me why it is not possible to build a full trust code group out of single permissions???

What does FullTrust have that cannot be added to Everything???

Tanx for your help,
Hans

Without FullTrust you cannot call assemblies that reside in the GAC
unless the assembly specifically grants permission for partially trusted
callers (anything without FullTrust is considered partially trusted,
even if they have all assignable permissions).

Also, by default the Security permission for the Everything permission
set does not include "Skip Verification", so unsafe code is still not
permitted.

See docs regarding the AllowPartiallyTrustedCallersAttribute, and


http://msdn.microsoft.com/library/en-us/cpguide/html/cpconusinglibrariesfrompartiallytrustedcode.asp

An important aspect of this is that not all .NET Framework assemblies
have that attribute applied:


http://msdn.microsoft.com/library/en-us/dnforms/html/winforms11122002.asp

Here's a utility which will tell you what assemblies have this attribute:


http://www.develop.com/us/technology/resourcedetail.aspx?id=843c6027-b697-469d-933b-014b61f7d500
 
Back
Top