Security Code Snafu

Goodes · #1 (**permalink**) 02-02-10, 01:12 PM

Code:

CodeAccessPermission fiop = new FileIOPermission(PermissionState.Unrestricted); 
CodeAccessPermission ep = new EnvironmentPermission
(EnvironmentPermissionAccess.Read, "USERNAME")); 
CodeAccessPermission fdp = new FileDialogPermission(FileDialogPermissionAccess.Open)); 
CodeAccessPermission isfp = new IsolatedStorageFilePermission(PermissionState.Unrestricted)); 
CodeAccessPermission rp = new ReflectionPermission(ReflectionPermissionFlag.MemberAccess)); 
CodeAccessPermission uip = new UIPermission(UIPermissionWindow.SafeTopLevelWindows)); 
CodeAccessPermission pp = new PrintingPermission(PrintingPermissionLevel.SafePrinting)); 
Console.WriteLine(fiop.GetType().ToString() + ": " + SecurityManager.IsGranted(fiop)); 
Console.WriteLine(ep.GetType().ToString() + ": " + SecurityManager.IsGranted(ep)); 
Console.WriteLine(fdp.GetType().ToString() + ": " + SecurityManager.IsGranted(fdp)); 
Console.WriteLine(isfp.GetType().ToString() + ": " + SecurityManager.IsGranted(isfp)); 
Console.WriteLine(rp.GetType().ToString() + ": " + SecurityManager.IsGranted(rp)); 
Console.WriteLine(uip.GetType().ToString() + ": " + SecurityManager.IsGranted(uip)); 
Console.WriteLine(pp.GetType().ToString() + ": " + SecurityManager.IsGranted(pp));

If the above code is ran from a command prompt from C:\ and with administrator privileges, it produces ‘true’ to all permissions (C:\Permissions.exe) since My_Computer_Zone (C:\) has the Full Trust permission set.
If the above code is ran from a command prompt through a loopback with administrator privileges, it should NOT produce ‘true’ for several permissions (\\127.0.0.1\C$\Permissions.exe). Permissions.exe is now running from a shared folder and hence under the Internet Zone. Specifically IsolatedStorageFilePermission. Yet in my case it does!

.NET Configuration Tool shows everything as normal. Zones and their respective trusts are as follows. My Computer: Full Trust; Local Intranet: Medium Trust; Internet: Low Trust; Trusted Sites: Low Trust; Untrusted Sites: No Trust.
Runtime Security Policy –> Machine –> Code Groups –> All_Code –> Internet_Zone –> Internet_Same_Site_Access also reset to normal settings.

I’m baffled! Any help is welcomed.

* Code, although modified, is courtesy of Tony Northrup’s book “Microsoft .NET Framework – Application Development Foundation”.

digioz · #2 (**permalink**) 02-02-10, 11:44 PM

I cleaned up the code you had below, and added proper references for each namespace then ran it:

Code:

using System;
using System.IO;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Security;
using System.Security.Permissions;
using System.Drawing.Printing;
 
namespace ZonePermissions
{
    class Program
    {
        static void Main(string[] args)
        {
            CodeAccessPermission fiop = new FileIOPermission(PermissionState.Unrestricted); 
            CodeAccessPermission ep = new EnvironmentPermission(EnvironmentPermissionAccess.Read, "USERNAME"); 
            CodeAccessPermission fdp = new FileDialogPermission(FileDialogPermissionAccess.Open); 
            CodeAccessPermission isfp = new IsolatedStorageFilePermission(PermissionState.Unrestricted); 
            CodeAccessPermission rp = new ReflectionPermission(ReflectionPermissionFlag.MemberAccess); 
            CodeAccessPermission uip = new UIPermission(UIPermissionWindow.SafeTopLevelWindows); 
            CodeAccessPermission pp = new PrintingPermission(PrintingPermissionLevel.SafePrinting); 
            Console.WriteLine(fiop.GetType().ToString() + ": " + SecurityManager.IsGranted(fiop)); 
            Console.WriteLine(ep.GetType().ToString() + ": " + SecurityManager.IsGranted(ep)); 
            Console.WriteLine(fdp.GetType().ToString() + ": " + SecurityManager.IsGranted(fdp)); 
            Console.WriteLine(isfp.GetType().ToString() + ": " + SecurityManager.IsGranted(isfp)); 
            Console.WriteLine(rp.GetType().ToString() + ": " + SecurityManager.IsGranted(rp)); 
            Console.WriteLine(uip.GetType().ToString() + ": " + SecurityManager.IsGranted(uip)); 
            Console.WriteLine(pp.GetType().ToString() + ": " + SecurityManager.IsGranted(pp));
            Console.ReadLine();
        }
    }
}

It seems that regardless of how you navigate and run the executable locally, the permissions depend on your logged in user's permission, not how you get to it (ie through loopback or directly). It does seem a bit strange though.

Pete