[Mono-bugs] [Bug 375370] New: vbnc: Ignores security permission attributes

bugzilla_noreply at novell.com bugzilla_noreply at novell.com
Mon Mar 31 06:11:27 EDT 2008


           Summary: vbnc: Ignores security permission attributes
           Product: Mono: Compilers
           Version: 1.9.0
          Platform: Other
        OS/Version: Other
            Status: NEW
          Severity: Normal
          Priority: P5 - None
         Component: Basic
        AssignedTo: rkvinge at novell.com
        ReportedBy: andyhume32 at yahoo.co.uk
         QAContact: mono-bugs at lists.ximian.com
          Found By: ---

Well it doesn't ignore them exactly, however it writes them in such or way that
they are ignored at run-time.

For example, with this code (valid but pointless):
Imports system.io
Imports system.security.permissions

Class FilesRefuse
    Shared Sub Main()
        console.writeLine("-- now removing rights --")
    End Sub

    <FileIOPermission(SecurityAction.Deny, Unrestricted:=True)> _
    Shared Sub RemoveRights()
    End Sub

    Shared Sub DoIt()
        Dim dir As New DirectoryInfo("/")
        Dim files() As FileInfo = dir.GetFiles()
        For Each cur As fileinfo In files
            console.write(" ")
    End Sub
End Class

When compiled by Mono vbnc and run on MSFT CLR the directory listing is
incorrectly output twice.  When compiled with MSFT vbc it correctly fails with
a security exception before the second listing.

Such attributes need to be special cased; AIUI whilst the attribute 'content'
can (in FX2) be written normally, it must be 'attached' to the method (class
etc) specially.  In IL one sees a .permissionset directive rather than a
custom directive -- note Reflector doesn't show this difference.

Don't know whether this is MINOR as its likely very rarely used, or MAJOR as
its a security issue.  Maybe in the short term the compiler should output a
warning for any such attribute saying "not supported".

Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug.

More information about the mono-bugs mailing list