Dynamic Code Generation and security

I encounter a problem with the JSON.Net serialization library and I wanted opinion of people more expert than me in CAS and AppDomain management.

To have more information on the problem, you can refer to the issue 21575. I submitted a patch for this issue.

The idea is that DynamicCodeGeneration flag is statically set once and for all in the current application domain when you first access it. However, I think that permission allowed for an application domain can change.

For example, if you call a method of an object in an application domain, across another application domain, it seems that you inherit of the permissions of the most restrictive application domain. So for me this assumption that permissions won't change for an application domain and that you can s开发者_开发百科tatically set DynamicCodeGeneration once and for all is wrong.

Am I correct ? Or do I miss something about CAS and AppDomain management ?

EDIT:

I added a little schema about what I think it is happening: http://www.sp4ce.net/data/temp/appdomain.png Do you think it is correct ?

I think your unit tests are providing evidence for your theory. In cross-appdomain calls, it looks like the more restrictive CAS restrictions are enforced. I don't think, though, that future calls local to the less restrictive appdomain (no remoting to restrictive appdomain) will continue to enforce the more restrictive permission set.

The issue with JSON.Net that you are attempting to address is that the permission set is checked once and not re-verified in future calls that may be coming from a more restrictive appdomain. Given that permissions can change depending on the calling context, it makes sense to demand permissions in the scope most local to the use of the permission. Your solution is to make the calling code responsible for informing JSON.Net of whether DynamicCodeGeneration is used. I think a better solution in the JSON.Net library would be to demand the requierd permissions in the JsonTypeReflector.DynamicCodeGeneration getter every time it is called, rather than caching the value as it does now.