What is the purpose of the PermissionSet attribute in the MSDN FileSystemWatcher class example? - McMap

About

What is the purpose of the PermissionSet attribute in the MSDN FileSystemWatcher class example?

Asked 26/5, 2010 at 16:17 Answered 26/5, 2010 at 16:32

Solved c#permissionset

G

1

27

On the MSDN FileSystemWatcher Class page, it includes an example with the following class attribute:

 [PermissionSet(SecurityAction.Demand, Name="FullTrust")]

What is the purpose of this? When should it be included or not included?

The FileSystemWatcher Class help page is here: http://msdn.microsoft.com/en-us/library/system.io.filesystemwatcher.aspx

Griffen answered 26/5, 2010 at 16:17 Comment(1)

In .NET core 2.x+ the code access security attributes don't do anything according to learn.microsoft.com/en-us/dotnet/core/compatibility/… – Footstall 7/10, 2022 at 16:46

D

23

The FileSystemWatcher class has a link demand for unrestricted CAS permissions. This means that it will verify that its direct caller (i.e. your code, if you're consuming the class directly) has unrestricted permissions.

Unfortunately, use of a link demand opens up potential security holes since the permissions of indirect callers (i.e. code that calls your code) are not verified by a link demand. This means that an indirect caller with restricted permissions may be able to manipulate your highly trusted code into doing something nefarious on its behalf that it would otherwise not have had the permissions to accomplish.

One of the ways to prevent an attack of this sort is to apply your own full demand for the same permission to any code that that consumes a type or member with a link demand. This will ensure that any indirect callers will be subjected to the same permission demand, thereby ensuring that they cannot do anything via your code that they would not have been able to do on their own. The MSDN sample code for the FileSystemWatcher demonstrates the application of this sort of full demand.

Disincentive answered 26/5, 2010 at 16:32 Comment(2)

I don't think I understand it well enough yet. The example runs fine without the 'PermissionSet...' line. How does it help the code to have it in? Also what does 'FullTrust' mean? Admin privlidges on the machine or just full access to the file/directory in question? – Griffen 26/5, 2010 at 17:17

The attribute does not help your code run. Instead, it helps prevent it from running when it should not. "FullTrust" refers to unrestricted Code Access Security permissions. This has nothing to do with the permissions granted to the user's account. Code Access Security is an additional security layer provided by .NET that allows one to control permissions granted to running code. For an introduction, see msdn.microsoft.com/en-us/library/930b76w0(VS.71).aspx. – Disincentive 27/5, 2010 at 13:16

Recommended topics

#Godot #Unity #Godot 4.X #Mongodb

Hot tags

Godot Unity Godot Help Programming Godot 4.X GUI GDScript 3D 2D Physics CSharp Godot 3.X VR XR Projects C++

© 2022 - 2024 — McMap. All rights reserved.