Failed to grant minimum permission requests.

    Question

  • Hello,

    Security is not one of my strongest areas, so I apologize if the question is trivial.

    I have an assembly that I want to distribute. It has some unsafe code. What should I do to make it run in medium trust environment?

    Victor
    Tuesday, April 18, 2006 9:45 PM

Answers

  • It depends on the medium trust environment.  You could add a call to CodeAccessPermission.Assert for the SecurityPermission Attribute and SecurityPermissionFlag.UnmanagedCode, e.g.:


    (new SecurityPermission(SecurityPermissionFlag.UnmanagedCode)).Assert();
     
    But that would also require that your assembly have Assert permission; which is unlikely, if that environment doesn't have unmanaged code permission.

    If execution of unmanaged code is denied in that environment, the only way you can get your assembly to load would be to explicitly grant it full-trust or to register it in the GAC--both of which require administrator intervention.

    The SuppressUnmanagedCodeSecurity permission looks like it overrides requiring unmanaged code permission; but, it's just used to consolidate the permission requests into one (at JIT) if you've got many different calls to unmanaged code.

    Code Access Security in Practice is a good read for information about code access security.

     

    Wednesday, April 19, 2006 2:15 PM
    Moderator
  • The demand for SkipVerification happens at JIT time, so there's no need to suppress the stack walk (of course if you were suppressing the stack walk you'd need both SecurityPermission/Assert and the permission you were asserting for to be effective [http://blogs.msdn.com/shawnfa/archive/2005/02/04/367390.aspx]).

    SuppressUnmanagedCodeSecurity is for P/Invoke declarations -- not unsafe code.

    In this case your suggestion of putting the code in the GAC is a good one.  The alternative is to strongly name it and have the administrator run caspol to trust the strong name.  In both cases you'll need to apply APTCA [http://blogs.msdn.com/shawnfa/archive/2005/02/04/367390.aspx] to the assembly, and that implies that you must audit it for security issues thoroughly.  (Especially since it has unsafe code in it.)

    -Shawn

    Wednesday, April 19, 2006 3:42 PM
    Moderator
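
An added example, not code from the question or from either reply: a strong-named library of the shape the second answer describes, marked APTCA, with its unsafe code kept behind a public method that validates every argument before a pointer is formed. The namespace, class and method names, the key file and the caspol path are hypothetical.

```csharp
// Added example. Build (hypothetical file names):
//   csc /unsafe /target:library /keyfile:key.snk PixelOps.cs
// Compiling with /unsafe makes the assembly unverifiable, so it needs
// SkipVerification, which a medium trust grant set does not include.
// An administrator then either installs it in the GAC or trusts the strong
// name, for example (placeholder path):
//   caspol -m -ag 1. -strong -file C:\path\PixelOps.dll -noname -noversion FullTrust
using System;
using System.Security;

// Without this attribute a strong-named, fully trusted assembly rejects
// partially trusted callers. With it, every public member is attack surface
// and has to be audited as such.
[assembly: AllowPartiallyTrustedCallers]

namespace Example
{
    public static class PixelOps
    {
        // Public entry point reachable from partial trust: validate first.
        public static void Invert(byte[] buffer, int offset, int count)
        {
            if (buffer == null) throw new ArgumentNullException("buffer");
            // Written so the subtraction cannot overflow (count >= 0 here).
            if (offset < 0 || count < 0 || offset > buffer.Length - count)
                throw new ArgumentOutOfRangeException("offset");
            if (count == 0) return; // &buffer[offset] would throw at offset == Length
            InvertCore(buffer, offset, count);
        }

        // Private: pointer arithmetic is only reachable with checked arguments.
        private static unsafe void InvertCore(byte[] buffer, int offset, int count)
        {
            fixed (byte* start = &buffer[offset])
            {
                byte* p = start;
                byte* end = start + count;
                while (p < end)
                {
                    *p = (byte)(*p ^ 0xFF);
                    p++;
                }
            }
        }
    }
}
```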
