Question about the working paradigm of Code Access Security (CAS)
I wrote the following code to test the CAS:
[SecurityPermission(SecurityAction.Demand,Flags=SecurityPermissionFlag.Execution)]
static void Main(string[] args)
{
Console.WriteLine("hello, world!");
}
In the .NET 2.0 Configuration, I use the strong name of the above assembly to create a code group and give the group Nothing permission set. So the assembly failed to start as expected.
But I noticed that if I remove the following attribute:
[SecurityPermission(SecurityAction.Demand,Flags=SecurityPermissionFlag.Execution)]
The program still failed to start. So what's the point of this so-called declarative security with attribute?
I read several tutorials on CAS, they use Imperative/Declarative Security to use the CAS. But from the above sample, it doesn't seem necessary.
If I deliberately w开发者_Go百科rite code without Imperative/Declarative Security and don't provide any evidence for my assembly, would CAS be blind to enforce any security policy?
Or do I misunderstand how CAS is expected to be used?
Thanks.
A CAS permission demand results in verification of each call stack frame above the method making the demand. Since your assembly runs no code to invoke the Main method, the demand is not being evaluated against any of your code.
It is the denial of execution permissions via policy that is causing your assembly to be prevented from being executed. The permission is being evaluated by the CLR itself when it runs your assembly code. There is no need to add your own demand for the permission.
To step back a bit and look at how CAS demands (declarative or imperative) are meant to be used, consider that permissions protect access to resources. Any code allowing access to a resource (e.g.: the file system) that would not otherwise be accessible to managed code should supply a permission (e.g.: FileIOPermission) that can be used to control access to that resource. The code allowing access to the resource is also responsible for making demands for that permission before allowing access to the resource.
Most developers writing managed code will never need to either author a CAS permission or make an explicit demand for a CAS permission since they will typically be accessing resources exposed (and protected) by either the .NET base class library or by other Microsoft or third-party libraries.
精彩评论