New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Security rules prohibit use in .NET 4 #272

Closed
GoogleCodeExporter opened this Issue Mar 15, 2015 · 3 comments

Comments

Projects
None yet
2 participants
@GoogleCodeExporter

GoogleCodeExporter commented Mar 15, 2015

The Security-Transparent Code Level 2 rules in .NET 4 mean that any time we 
implement an interface member which has the SecurityCritical or 
SecuritySafeCritical attribute, we need to supply that attribute too.

Currently in some cases (I don't have details) we fail with:

> Inheritance security rules violated while overriding member: 
Instant.GetObjectData(System.Runtime.Serialization.SerializationInfo, 
System.Runtime.Serialization.StreamingContext)'. Security accessibility of the 
overriding method must match the security accessibility of the method being 
overriden.

Rather than just fix ISerializable, I'd like to add a unit test which checks 
*all* members of *all* interfaces implemented by *all* types. It shouldn't be 
too hard.

We might then want to consider applying this back to the 1.2 stream and doing a 
new release of it - or possibly doing a new 1.3 release.

References:

http://msdn.microsoft.com/en-us/library/dd233102(v=vs.100).aspx
http://stackoverflow.com/questions/3055792

Original issue reported on code.google.com by jonathan.skeet on 10 Mar 2014 at 6:35

@GoogleCodeExporter

This comment has been minimized.

Show comment
Hide comment
@GoogleCodeExporter

GoogleCodeExporter Mar 15, 2015

This issue was closed by revision 7dbc1f757296.

Original comment by jonathan.skeet on 10 Mar 2014 at 9:30

  • Changed state: Fixed

GoogleCodeExporter commented Mar 15, 2015

This issue was closed by revision 7dbc1f757296.

Original comment by jonathan.skeet on 10 Mar 2014 at 9:30

  • Changed state: Fixed
@GoogleCodeExporter

This comment has been minimized.

Show comment
Hide comment
@GoogleCodeExporter

GoogleCodeExporter Mar 15, 2015

I don't think we need to backport this to 1.2, as I *believe* it only affects 
assemblies with AllowPartiallyTrustedCallersAttribute, which only occurs in the 
1.3 stream anyway.

Original comment by jonsk...@google.com on 10 Mar 2014 at 9:37

GoogleCodeExporter commented Mar 15, 2015

I don't think we need to backport this to 1.2, as I *believe* it only affects 
assemblies with AllowPartiallyTrustedCallersAttribute, which only occurs in the 
1.3 stream anyway.

Original comment by jonsk...@google.com on 10 Mar 2014 at 9:37

@GoogleCodeExporter

This comment has been minimized.

Show comment
Hide comment
@GoogleCodeExporter

GoogleCodeExporter Mar 15, 2015

Original comment by malcolm.rowe on 10 Mar 2014 at 11:49

  • Added labels: Milestone-1.3.0

GoogleCodeExporter commented Mar 15, 2015

Original comment by malcolm.rowe on 10 Mar 2014 at 11:49

  • Added labels: Milestone-1.3.0
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment