[Mono-bugs] [Bug 375370] New: vbnc: Ignores security permission attributes

bugzilla_noreply at novell.com bugzilla_noreply at novell.com
Mon Mar 31 06:11:27 EDT 2008 

https://bugzilla.novell.com/show_bug.cgi?id=375370


           Summary: vbnc: Ignores security permission attributes
           Product: Mono: Compilers
           Version: 1.9.0
          Platform: Other
        OS/Version: Other
            Status: NEW
          Severity: Normal
          Priority: P5 - None
         Component: Basic
        AssignedTo: rkvinge at novell.com
        ReportedBy: andyhume32 at yahoo.co.uk
         QAContact: mono-bugs at lists.ximian.com
          Found By: ---


Well it doesn't ignore them exactly, however it writes them in such or way that
they are ignored at run-time.

For example, with this code (valid but pointless):
[[
Imports system.io
Imports system.security.permissions


Class FilesRefuse
    Shared Sub Main()
        DoIt()
        console.writeLine("-- now removing rights --")
        RemoveRights()
    End Sub

    <FileIOPermission(SecurityAction.Deny, Unrestricted:=True)> _
    Shared Sub RemoveRights()
        DoIt()
    End Sub

    Shared Sub DoIt()
        Dim dir As New DirectoryInfo("/")
        Dim files() As FileInfo = dir.GetFiles()
        For Each cur As fileinfo In files
            console.write(cur.Name)
            console.write(" ")
        Next
        console.writeline()
    End Sub
End Class
]]

When compiled by Mono vbnc and run on MSFT CLR the directory listing is
incorrectly output twice.  When compiled with MSFT vbc it correctly fails with
a security exception before the second listing.


Such attributes need to be special cased; AIUI whilst the attribute 'content'
can (in FX2) be written normally, it must be 'attached' to the method (class
etc) specially.  In IL one sees a .permissionset directive rather than a
custom directive -- note Reflector doesn't show this difference.


Don't know whether this is MINOR as its likely very rarely used, or MAJOR as
its a security issue.  Maybe in the short term the compiler should output a
warning for any such attribute saying "not supported".


-- 
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug.

More information about the mono-bugs mailing list