[Mono-bugs] [Bug 694304] New: Appdomain not handled correctly for limiting code execution
bugzilla_noreply at novell.com
Tue May 17 10:41:54 EDT 2011
https://bugzilla.novell.com/show_bug.cgi?id=694304
https://bugzilla.novell.com/show_bug.cgi?id=694304#c0
Summary: Appdomain not handled correctly for limiting code
execution
Classification: Mono
Product: Mono: Runtime
Version: 2.10.x
Platform: x86-64
OS/Version: Mac OS X 10.6
Status: NEW
Severity: Normal
Priority: P5 - None
Component: remoting
AssignedTo: lluis at novell.com
ReportedBy: andres.meyer at computer.org
QAContact: mono-bugs at lists.ximian.com
Found By: ---
Blocker: ---
Created an attachment (id=429986)
--> (http://bugzilla.novell.com/attachment.cgi?id=429986)
test program
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_7; en-us)
AppleWebKit/533.21.1 (KHTML, like Gecko) Version/5.0.5 Safari/533.21.1
When running the attached example in 2.10.1, an IronPython script can actually
open a file on the system, even though the AppDomain should prohibit it. In
2.10.2, a System.Reflection.MonoCMethod SerializationException is thrown, but
not a security exception.
Reproducible: Always
Steps to Reproduce:
1. Compile the attached program for .NET 3.5 (get IronPython 2.6)
2. Create a test file /tmp/test.txt
3. Run the program
Actual Results:
In 2.10.1, the program gets executed and returns the contents of the file. This
should not be possible, as the security should not allow this. In 2.10.2, a
serialization error gets thrown, but no security exception.
Expected Results:
In Windows .NET, a security exception is thrown.
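
A minimal self-check of the sandbox behaviour the report expects, as an added example that is neither the bug's attachment nor Mono project code. It uses a plain C# probe instead of an IronPython script and assumes the sandbox is built with the `AppDomain.CreateDomain` overload that takes a `PermissionSet` (the attachment's actual setup is not shown here); `FileProbe` and `SandboxCheck` are hypothetical names.

```csharp
using System;
using System.IO;
using System.Security;
using System.Security.Permissions;

// Runs inside the sandboxed domain; MarshalByRefObject so the host calls it via proxy.
public class FileProbe : MarshalByRefObject
{
    // Reports the outcome as a string so that no exception object has to be
    // serialized back across the AppDomain boundary.
    public string TryRead(string path)
    {
        try { File.ReadAllText(path); return "READ_ALLOWED"; }
        catch (SecurityException) { return "SECURITY_EXCEPTION"; }
        catch (Exception e) { return "OTHER: " + e.GetType().FullName; }
    }
}

public static class SandboxCheck
{
    public static int Main(string[] args)
    {
        // Default path is the test file from the report's step 2.
        string path = args.Length > 0 ? args[0] : "/tmp/test.txt";

        // Grant set: permission to execute and nothing else (no FileIOPermission).
        PermissionSet grant = new PermissionSet(PermissionState.None);
        grant.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));

        AppDomainSetup setup = new AppDomainSetup();
        setup.ApplicationBase = AppDomain.CurrentDomain.BaseDirectory;

        AppDomain sandbox = AppDomain.CreateDomain("sandbox", null, setup, grant);
        FileProbe probe = (FileProbe)sandbox.CreateInstanceAndUnwrap(
            typeof(FileProbe).Assembly.FullName, typeof(FileProbe).FullName);

        string result = probe.TryRead(path);
        Console.WriteLine("{0}: {1}", path, result);
        AppDomain.Unload(sandbox);
        return result == "SECURITY_EXCEPTION" ? 0 : 1;
    }
}
```

Exit code 0 means the read was blocked with a security exception; `READ_ALLOWED` or `OTHER: ...` means the restricted grant set was not enforced for file access on the runtime under test.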