[Mono-list] Does System.Security.Permissions.FileIOPermission work?

Andy Hume andyhume32 at yahoo.co.uk
Mon Apr 21 07:52:11 EDT 2008


On 21 April 2008 00:21 Yawar Amin wrote:
> I'm running Mono 1.2.4 on Ubuntu 7.10. I've been trying to 
> use the System.Security.Permissions.FileIOPermission class to

The first thing to note is that CAS is not fully implemented on Mono,
and is disabled by default.  http://www.mono-project.com/CAS  However
this is immaterial here, see below.

 
> `demand' write access to my home directory and all its parent 
> directories (i.e.
> /home, /). Here's a sample script based on my understanding 
> of the security permissions concept:
> 
> // test_security_permissions.cs
> using System.IO;
> using System.Security.Permissions;
> 
> class Test_Security_Permissions {
>   /*
>   Demands write access to all parents of this directory. Framework
>   is supposed to throw an exception if access is not granted.
>   */

This is actually /not/ what CAS is for, remember that it is *Code*
Access Security.  That is, it is orthogonal to *Role* Access Security.
As a user I run some .NET code in my web browser, *I* (logged in as Role
"user1" say) have full rights to do anything with files in my home
directory (chmod etc shows that), however I don't trust the *Code* that
I'm downloading and running, so *it* has no rights to do anything with
files at all.


>   static void demand_write_access_to_all_parents(string dir_arg) {
>     DirectoryInfo curr_dir = new DirectoryInfo(dir_arg);
> 
>     (new FileIOPermission(FileIOPermissionAccess.Write, curr_dir.FullName)).Demand();

So here Demand is checking that all the *calling methods* on the stack
have CAS permission for that permission.  (So, assuming CAS was fully
implemented or running on the MSFT CLR) since we're running a
command-line program on the local disk it will be Fully-Trusted, and
thus all the code is fully-trusted and all permissions will be granted
and thus any demand will always succeed.


>     System.Console.WriteLine("Successfully demanded write access to {0}", curr_dir.FullName);
>     if (curr_dir.FullName != curr_dir.Root.FullName) {
>       Test_Security_Permissions.demand_write_access_to_all_parents(curr_dir.Parent.FullName);
>     }
>   }
> 
>   public static void Main() {
>     Test_Security_Permissions.demand_write_access_to_all_parents(".");
>   }
> }
> 
> What's happening is that it seems to successfully `get' write 
> access to all these directories:
>
Yup, as above.  When I run this on the MSFT CLR I see the same behaviour
-- all successes.

However, if I run the code from the network it then gets "Intranet"
permissions.  In that permission set FileIOPermission is a restricted
set (Read/Dir access to the network directory from which it was run).
So I get the following failure:
[[
C:\temp>"\\pc1\temp\Test_Security_Permissions.exe"

Unhandled Exception: System.Security.SecurityException: Request for the permission of type 'System.Security.Permissions.FileIOPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.
   at System.Security.CodeAccessSecurityEngine.Check(Object demand, StackCrawlMark& stackMark, Boolean isPermSet)
   at System.Security.CodeAccessPermission.Demand()
   at System.IO.DirectoryInfo..ctor(String path)
   at Test_Security_Permissions.demand_write_access_to_all_parents(String dir_arg)
   at Test_Security_Permissions.Main()
The action that failed was:
Demand
The type of the first permission that failed was:
System.Security.Permissions.FileIOPermission
The first permission that failed was:
<IPermission class="System.Security.Permissions.FileIOPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
version="1"
Read="C:\temp\."/>

....
....
]]


> yawar at yawar-laptop:~/code$ gmcs test_security_permissions.cs /t:exe && mono test_security_permissions.exe
> Successfully demanded write access to /home/yawar/code
> Successfully demanded write access to /home/yawar
> Successfully demanded write access to /home
> Successfully demanded write access to /
> yawar at yawar-laptop:~/code$
> 
> But obviously I don't have write access to /home and /:
> 
> yawar at yawar-laptop:~/code$ ls -ldh / /home
> drwxr-xr-x 21 root root 4.0K 2008-04-13 23:08 /
> drwxr-xr-x  3 root root 4.0K 2008-04-14 03:01 /home
> yawar at yawar-laptop:~/code$
> 
> Could someone be kind enough to run this on their own machine 
> and/or explain what I'm doing wrong?
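
Added example, not part of the original thread or of Mono's code: it runs the CAS demand from the quoted script next to a probe of what the operating system lets the current user write, so the two answers can be compared for a directory and each of its parents. It assumes .NET Framework or Mono; the class and method names (WriteAccessProbe, CasAllowsWrite, OsAllowsWrite) are hypothetical, and the probe briefly creates a randomly named delete-on-close file in each directory it can write to.

```csharp
// Added example; names are hypothetical. Assumes .NET Framework or Mono.
using System;
using System.IO;
using System.Security;
using System.Security.Permissions;

class WriteAccessProbe {
  // CAS view: is the *code* on the call stack granted write permission?
  // This says nothing about the file system's own access control.
  static bool CasAllowsWrite(string dir) {
    try {
      new FileIOPermission(FileIOPermissionAccess.Write, dir).Demand();
      return true;
    } catch (SecurityException) {
      return false;
    }
  }

  // OS view: can the *user* running this process create a file in dir?
  // Probes with a randomly named file that is deleted when closed.
  static bool OsAllowsWrite(string dir) {
    string probe = Path.Combine(dir, Path.GetRandomFileName());
    try {
      using (new FileStream(probe, FileMode.CreateNew, FileAccess.Write,
                            FileShare.None, 1, FileOptions.DeleteOnClose)) { }
      return true;
    } catch (UnauthorizedAccessException) {
      return false;  // denied by file permissions or ACLs
    } catch (IOException) {
      return false;  // e.g. read-only file system
    }
  }

  public static void Main(string[] args) {
    // Start at the given directory (default ".") and walk up to the root;
    // DirectoryInfo.Parent is null once the root has been reached.
    DirectoryInfo d = new DirectoryInfo(args.Length > 0 ? args[0] : ".");
    for (; d != null; d = d.Parent) {
      Console.WriteLine("{0}: CAS demand {1}, OS write {2}", d.FullName,
          CasAllowsWrite(d.FullName) ? "ok" : "denied",
          OsAllowsWrite(d.FullName) ? "ok" : "denied");
    }
  }
}
```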



