CODEWITHSUNDEEP
c#.netsecurityfxcopcode-access-security
sara
sara

Reputation: 3934

C# security - LinkDemand or SecurityCritical or any explanation?

I have run security check on my application, and got the following warning:

'Parser.GenerateJeffpReport(string)' calls into 'Process.Start()' which has a LinkDemand. By making this call, 'Process.Start()' is indirectly exposed to user code. Review the following call stack that might expose a way to circumvent security protection:

I have googled it, and found this question:

what does this security warning mean (.Net Process class)?

I tried to do as the recomended answer, i.e. set my method with: 

[PermissionSetAttribute(SecurityAction.LinkDemand, Name="FullTrust")]

However, I got the following warning:

Microsoft.Security : 'Parser.ParseJeff(string)' is protected with a LinkDemand for 'PermissionSetAttribute'. In the level 2 security rule set, it should be protected by being security critical instead. Remove the LinkDemand and mark 'Parser.ParseJeff(string)' security critical.

What shall I do? What is the meaning of all of it anyway? why is it a security issue? I didn't found microsoft documentation at ths topic helpfull at all.

Upvotes: 1

Views: 6981

Answers (2)

user3375027
user3375027

Reputation: 87

You can also use [PermissionSetAttribute(SecurityAction.Demand, Name="FullTrust")].

Upvotes: 0

Damith
Damith

Reputation: 63065

replace 

[PermissionSetAttribute(SecurityAction.LinkDemand, Name="FullTrust")]

with

[SecurityCritical]

The SecurityCriticalAttribute is equivalent to a link demand for full trust. A type or member marked with the SecurityCriticalAttribute can be called only by fully trusted code; it does not have to demand specific permissions. It cannot be called by partially trusted code.

Upvotes: 2

Related Questions