none
CAS question RRS feed

  • Question

  • Hi,

    I was just playing a bit with CAS, when I found something I just don't understand.
    I have this very simple (strong named) console application


    try
    
    { File.AppendAllText("test.txt", "This is a test" + Environment.NewLine); } catch (Exception ex) { Console.WriteLine("Test - Exception: " + ex.Message); }

    I move this file to C:\temp\CAS_Test and try to assign the "Execution" permission set to it using:

    caspol -ag All_Code -strong -file "C:\temp\CAS_Test\Test.exe" -noname -noversion Execution -name "My_Test_Group"

    Caspol does not show me an error message, but when I try to run the file it can create and write to "test.txt".
    Shouldn't CAS prevent this assembly from writing to a file? Or is there general misunderstanding on my side?

    Cheers,
    Michael
    • Edited by M. Niehaus Monday, October 5, 2009 12:17 PM Formatted code
    Monday, October 5, 2009 12:17 PM

Answers

  • Unless a code group is marked as "exclusive", assemblies that meet the membership condition for the group will also be granted the permissions for any other code groups at the same level for which they qualify via membership conditions.  Since you presumably have not modified the default All_Code group, your assembly is being granted unrestricted permissions via that group.  If this isn't what you want, you probably need to add the -exclusive flag to your command line.

    • Marked as answer by M. Niehaus Monday, October 5, 2009 2:39 PM
    Monday, October 5, 2009 2:09 PM

All replies

  • Unless a code group is marked as "exclusive", assemblies that meet the membership condition for the group will also be granted the permissions for any other code groups at the same level for which they qualify via membership conditions.  Since you presumably have not modified the default All_Code group, your assembly is being granted unrestricted permissions via that group.  If this isn't what you want, you probably need to add the -exclusive flag to your command line.

    • Marked as answer by M. Niehaus Monday, October 5, 2009 2:39 PM
    Monday, October 5, 2009 2:09 PM
  • I didn't know about the -exclusive flag.
    Thanks Nicole, now it works as I expected. :-)
    Monday, October 5, 2009 2:39 PM