warning : CA2122 : Microsoft.Security

  • Question

  • //
    // Prerequisites
    //
       Compiled in .NET 4.0
       The program runs perfectly well.
       The class is IDisposable.
       The offending code is disposed of and unlinked.

    //
    // Below is the warning report (filename and line number removed) & (\r\n added for readability).
    //
    warning : CA2122 : Microsoft.Security : 'Main.Main()' calls into 'Process.EnableRaisingEvents.set(bool)' which has a LinkDemand.
     By making this call, 'Process.EnableRaisingEvents.set(bool)' is indirectly exposed to user code.
     Review the following call stack that might expose a way to circumvent security protection:
    warning :    ->'Main.Main()'

    warning :    ->'Main.Main()'

    warning : CA2122 : Microsoft.Security : 'Main.Main()' calls into 'Process.Exited.add(EventHandler)' which has a LinkDemand.
     By making this call, 'Process.Exited.add(EventHandler)' is indirectly exposed to user code.
     Review the following call stack that might expose a way to circumvent security protection:
    warning :    ->'Main.Main()'
    warning :    ->'Main.Main()'
    //
    // Below is the offensive code.
    //

          private Process myProcess = null;

          private void Init()
          {
             // ...

             // Initialize process
             myProcess = new Process();
             myProcess.EnableRaisingEvents = true;
             myProcess.Exited += new EventHandler(myProcess_Exited);

             // ...
          }

    //
    // Question
    //

    I like to make it a practice to comply with all possible design and security issues. I do understand that the link can be followed back. What I do not understand is how to alleviate the security issue, other than disabling the security check. Will someone please help me with this issue? All of the answers I could find on the internet are for .NET 2.0, which are not applicable in .NET 4.0.
    Thank you.

    Saturday, November 19, 2011 3:11 PM
