[Mono-devel-list] RE: Code Access Security
Sebastien Pouliot
spouliot at videotron.ca
Thu Jan 22 17:00:07 EST 2004
Hello Ben,
> I've written CodeAccessSecurity.Demand, and need to move on to checking
the
> permissions assigned to stack frames:
This is great but Demand isn't (just) about walking the stack (actually
walking the stack isn't hard using StrackTrace/StackFrame). To be useful you
need to load/store information for each stack frame (which involves
interaction with the runtime). Then CAS.Demand can evaluate the Demand based
on the granted (and refused) permissions. However this cannot be done using
directly (public interface) StrackTrace/StackFrame (you'll need some
internal methods to get into the runtime).
> Does anyone have any ideas on caspol and policy files?
If you're interested in the stack walk I think you should implement it more
fully (e.g. Assert, PermitOnly...) using an hard-coded policy and a (very)
few permissions (else you risk to end up debugging a lot of different stuff
simultaneously).
Sebastien Pouliot
home: spouliot at videotron.ca
blog: http://pages.infinit.net/ctech/poupou.html
-----Original Message-----
From: mono-devel-list-admin at lists.ximian.com
[mailto:mono-devel-list-admin at lists.ximian.com]On Behalf Of Benjamin
Wootton
Sent: 22 janvier 2004 15:36
To: 'Benjamin Wootton'; spouliot at videotron.ca
Cc: 'Mono Development'
Subject: [Mono-devel-list] RE: Code Access Security
Does anyone have any ideas on caspol and policy files? Sebastien?
I've written CodeAccessSecurity.Demand, and need to move on to checking the
permissions assigned to stack frames:
class test
{
public test()
{
foo();
}
public void foo()
{
FileIOPermission perm = new FileIOPermission(
PermissionState.None );
perm.AddPathList( FileIOPermissionAccess.Write, "/tmp" );
perm.Demand();
}
public static void Main()
{
test test = new test();
}
}
Results in:
[root at geri MONO]# mono test.exe
About to make the demand!
Stack walk triggered....Walk: Demand
Walk: foo
Walk: .ctor
Walk: Main
Ben
> -----Original Message-----
> From: Benjamin Wootton [mailto:benjaminwootton at hotpop.com]
> Sent: Tuesday, January 20, 2004 8:28 PM
> To: 'spouliot at videotron.ca'
> Cc: 'Mono Development'
> Subject: RE: Code Access Security
>
> Thanks for reply. I'm now actively working on this, so dare say I will
> have lots of questions!
>
> > > I've been implementing CodeAccessPermission.Demand.
> >
> > Without some runtime support this won't be easy to do, fix or test - I
> > know
> > as a tried a little ;)
>
> I understand this all pretty well now, at least with imperative demands.
> I think I'm right in believing that declarative is harder.
>
> Thanks for the explanation of policies etc. Presumably CAS builds up the
> policy objects based on the information in the security config files:
> http://msdn.microsoft.com/library/default.asp?url=/library/en-
> us/cpguide/html/cpconsecurityconfigurationfiles.asp
>
> I thought about starting to write a caspol to manipulate these policy
> files - I'm going some dummy data in the Policy classes to proceed. Might
> as well build this in C#. Also is there anything I should consider as to
> how the runtime should load these files, where they should be stored etc?
> There are also going to be interesting mappings between some MS permission
> concepts and those in Unix, presumably.
>
> Finally, I also need to get a specification together of what exactly is
> required for CAS, and identify a point where I have the basic thing - and
> what constitutes the extensions. I'd appreciate if I could hack this out
> with other members on the list...
>
> Just wanted to check I'm on the right path.
>
> Thanks
> Ben
>
>
>
>
> > E.g. (again incomplete)
> >
> > - The runtime is asked to load an assembly from
> > "http://www.go-mono.com/mono.dll";
> > - The runtime add an URL evidence for "http://www.go-mono.com/mono.dll"
> to
> > the assembly;
> > - The URL is then used to determine a SecurityZone (using
> > Zone.CreateFromURL
> > and re-using IE settings) which results in Internet;
> > - The PermissionSet for Internet can then be applied.
> > - If a method ask for a FileIOPermission then "CAS" will check if the
> > Internet permission set and refuse the operation.
> >
> > However if the mono.dll had a strongname (e.g. from Ximian) a Code
> Groups
> > could give the assembly a different set of permissions (like FullTrust).
> >
> > > For instance, we can define code groups and membership conditions in
> MS
> > > at the various levels, but how do the class libraries come into it?
> >
> > The "CAS engine" resides in the runtime for both performance and
> security
> > (isolation). But to make CAS extendable most of objects it works with
> are
> > implemented in managed code (in the class library).
> >
> > > Do they just reflect the policy as granted by the local system, so
> that
> > > we can work with this programmatically? If this is the case, should
> > there
> > > be a PermissionSet in there somewhere representing the final grant
> set?
> >
> > That's the job of CAS to resolve it all ;) with the help from the class
> > library.
> > However it can be "a" final grant set - as every assembly can have
> > different
> > trust level inside an application domain
> >
> > > Any insights you can give into this would be very much appreciated!
> >
> > Have a look at bugzilla #52693
> > (http://bugzilla.ximian.com/show_bug.cgi?id=52693). This may be easier
> to
> > do
> > (but still a big step) and make it more easier to complete CAS
> afterward.
> >
> > BTW please keep your bugzilla entry
> > (http://bugzilla.ximian.com/show_bug.cgi?id=52606) updated with your
> work
> > (I
> > bookmarked it) or keep a blog about your work. It's the best way for
> > everyone (not just me) to see what's happening with CAS.
> >
> > Cya
> >
> > Sebastien Pouliot
> > Security Architect, Motus Technologies, http://www.motus.com
> > work: spouliot at motus.com
> > home: spouliot at videotron.ca
> > blog: http://pages.infinit.net/ctech/poupou.html
> >
> > -----Original Message-----
> > From: Ben [mailto:benjaminwootton at hotpop.com]
> > Sent: 12 janvier 2004 03:24
> > To: spouliot at videotron.ca
> > Subject: RE: Code Access Security
> >
> >
> > Sorry to contact you again. I've been implementing
> > CodeAccessPermission.Demand. I've been trying to work out this evening
> > how
> > System.Security.Policy, Evidence and Code Groups fit together. I
> > understand
> > them in isolation, but I'm not sure how they fit into the rest of the
> > framework.
> >
> > For instance, we can define code groups and membership conditions in MS
> at
> > the various levels, but how do the class libraries come into it? Do
> they
> > just reflect the policy as granted by the local system, so that we can
> > work
> > with this programmatically? If this is the case, should there be a
> > PermissionSet in there somewhere representing the final grant set?
> >
> > Any insights you can give into this would be very much appreciated!
> >
> > Thanks
> > Ben
> >
> >
> >
> >
> >
> >
> >
> > From: Ben [mailto:benjaminwootton at hotpop.com]
> > Sent: Saturday, January 10, 2004 11:47 PM
> > To: 'spouliot at videotron.ca'
> > Subject: Code Access Security
> >
> > You posted to mono-devel last week about code access security. I tried
> to
> > reply, but I'm not sure if it got through or not.
> >
> > I'm currently implementing parts of it. I wanted to check we were not
> > duplicating any work, and also to see if you had any insights into how
> you
> > think this should be done.
> >
> > I'm currently making sure that permissions are correctly represented in
> > the
> > assembly metadata. At the moment, Security permissions are just shown
> as
> > normal custom attributes.
> >
> > Ben
_______________________________________________
Mono-devel-list mailing list
Mono-devel-list at lists.ximian.com
http://lists.ximian.com/mailman/listinfo/mono-devel-list
More information about the Mono-devel-list
mailing list