[Mono-list] Does System.Security.Permissions.FileIOPermission work?

Sebastien Pouliot sebastien.pouliot at gmail.com
Mon Apr 21 09:12:57 EDT 2008


On Sun, 2008-04-20 at 19:20 -0400, Yawar Amin wrote:
> Hi all,
> 
> I'm running Mono 1.2.4 on Ubuntu 7.10. I've been trying to use the
> System.Security.Permissions.FileIOPermission class to `demand' write
> access to my home directory and all its parent directories (i.e.
> /home, /). Here's a sample script based on my understanding of the
> security permissions concept:
> 
> // test_security_permissions.cs
> using System.IO;
> using System.Security.Permissions;
> 
> class Test_Security_Permissions {
>   /*
>   Demands write access to all parents of this directory. Framework
>   is supposed to throw an exception if access is not granted.
>   */
>   static void demand_write_access_to_all_parents(string dir_arg) {
>     DirectoryInfo curr_dir = new DirectoryInfo(dir_arg);
> 
>     (new FileIOPermission(FileIOPermissionAccess.Write,
>       curr_dir.FullName)).Demand();
>     System.Console.WriteLine("Successfully demanded write access to {0}",
>       curr_dir.FullName);
>     if (curr_dir.FullName != curr_dir.Root.FullName) {
>       Test_Security_Permissions.demand_write_access_to_all_parents(curr_dir.Parent.FullName);
>     }
>   }
> 
>   public static void Main() {
>     Test_Security_Permissions.demand_write_access_to_all_parents(".");
>   }
> }
> 
> What's happening is that it seems to successfully `get' write access
> to all these directories:
> 
> yawar@yawar-laptop:~/code$ gmcs test_security_permissions.cs /t:exe &&
> mono test_security_permissions.exe
> Successfully demanded write access to /home/yawar/code
> Successfully demanded write access to /home/yawar
> Successfully demanded write access to /home
> Successfully demanded write access to /
> yawar@yawar-laptop:~/code$
> 
> But obviously I don't have write access to /home and /:
> 
> yawar@yawar-laptop:~/code$ ls -ldh / /home
> drwxr-xr-x 21 root root 4.0K 2008-04-13 23:08 /
> drwxr-xr-x  3 root root 4.0K 2008-04-14 03:01 /home
> yawar@yawar-laptop:~/code$
> 
> Could someone be kind enough to run this on their own machine and/or
> explain what I'm doing wrong?

You're mixing two different concepts in there.

One is CAS[1], where permissions are policy based and applied on the
code being executed. The runtime is responsible to enforce this.

	[1] mono does not support CAS, see wiki.

The second is access control, where a resource is protected based on the
user (not code) identity. The OS is responsible to enforce this.

From the results you seem to expect you're looking into access control
(which is not cross-platform). I believe you'll find everything you
need in the Mono.Posix.dll assembly.


Sebastien
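
The distinction drawn in the reply above, as an added example that is not part of the original thread: the same walk up the directory tree, but asking the OS (via access(2) from Mono.Posix.dll) instead of demanding a CAS permission. The class name, file name and output format are assumptions made for this illustration.

```csharp
// check_write_access.cs (added example, not code from the thread)
// Build: mcs check_write_access.cs -r:Mono.Posix.dll
using System;
using System.Collections.Generic;
using System.IO;
using Mono.Unix.Native;

class CheckWriteAccess {
  // Asks the OS whether the calling user may write to `path`.
  // This is access control (user identity, enforced by the kernel),
  // not CAS (code identity, enforced by the runtime).
  static bool CanWrite(string path, out Errno error) {
    error = 0;
    if (Syscall.access(path, AccessModes.W_OK) == 0)
      return true;
    error = Stdlib.GetLastError();  // e.g. EACCES, ENOENT, EROFS
    return false;
  }

  // Yields `dir` and then each parent directory up to the root.
  static IEnumerable<DirectoryInfo> SelfAndParents(string dir) {
    for (DirectoryInfo d = new DirectoryInfo(dir); d != null; d = d.Parent)
      yield return d;
  }

  // Exit code 0 if every directory is writable, 1 otherwise.
  public static int Main(string[] args) {
    string start = args.Length > 0 ? args[0] : ".";
    int denied = 0;
    foreach (DirectoryInfo d in SelfAndParents(start)) {
      Errno err;
      if (CanWrite(d.FullName, out err)) {
        Console.WriteLine("writable      {0}", d.FullName);
      } else {
        denied++;
        Console.WriteLine("not writable  {0} ({1})", d.FullName, err);
      }
    }
    // access(2) is a point-in-time answer: permissions can change before
    // the write happens, so still handle UnauthorizedAccessException
    // (or the errno) on the actual file operation.
    return denied == 0 ? 0 : 1;
  }
}
```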


