You are viewing a plain text version of this content. The canonical link for it is here.

Posted to log4net-dev@logging.apache.org by "Nicko Cadell (JIRA)" <ji...@apache.org> on 2006/02/20 20:48:42 UTC

[jira] Created: (LOG4NET-65) Unhandled SecurityException exception for FileIOPermission while loading configuration file

Unhandled SecurityException exception for FileIOPermission while loading configuration file
-------------------------------------------------------------------------------------------

         Key: LOG4NET-65
         URL: http://issues.apache.org/jira/browse/LOG4NET-65
     Project: Log4net
        Type: Bug
  Components: Core  
    Versions: 1.2.9    
    Reporter: Nicko Cadell
 Assigned to: Nicko Cadell 
     Fix For: 1.2.10


If the calling application does not have the PathDiscovery FileIOPermission a SecurityException is generated from the XmlConfiguratorAttribute.Configure method. This is called from the first LoggerManager.GetLogger in a calling assembly.

The exception should be caught as we may potentially be injecting this exception into user code's class initialisation phase which the user would find unexpected.

An example stack trace for the exception is:

[SecurityException: Request for the permission of type 'System.Security.Permissions.FileIOPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.]
   System.Security.CodeAccessSecurityEngine.Check(Object demand, StackCrawlMark& stackMark, Boolean isPermSet) +0
   System.Security.CodeAccessPermission.Demand() +59
   System.AppDomainSetup.VerifyDir(String dir, Boolean normalize) +110
   System.AppDomain.get_BaseDirectory() +61
   log4net.Util.SystemInfo.get_ApplicationBaseDirectory() +31
   log4net.Config.XmlConfiguratorAttribute.Configure(Assembly sourceAssembly, ILoggerRepository targetRepository) +30
   log4net.Core.DefaultRepositorySelector.ConfigureRepository(Assembly assembly, ILoggerRepository repository) +314
   log4net.Core.DefaultRepositorySelector.CreateRepository(Assembly repositoryAssembly, Type repositoryType, String repositoryName, Boolean readAssemblyAttributes) +532
   log4net.Core.DefaultRepositorySelector.CreateRepository(Assembly repositoryAssembly, Type repositoryType) +42
   log4net.Core.DefaultRepositorySelector.GetRepository(Assembly repositoryAssembly) +80
   log4net.Core.LoggerManager.GetLogger(Assembly repositoryAssembly, String name) +132
   log4net.LogManager.GetLogger(Assembly repositoryAssembly, String name) +30
   log4net.LogManager.GetLogger(String name) +34


-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
   http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
   http://www.atlassian.com/software/jira

[jira] Resolved: (LOG4NET-65) Unhandled SecurityException exception for FileIOPermission while loading configuration file

Posted by "Nicko Cadell (JIRA)" <ji...@apache.org>.

     [ http://issues.apache.org/jira/browse/LOG4NET-65?page=all ]
     
Nicko Cadell resolved LOG4NET-65:
---------------------------------

    Resolution: Fixed

Checked in a code fix to this issue that adds additional try/catch blocks to check for the PathDiscovery permissions exception and to log more details of the error condition.

> Unhandled SecurityException exception for FileIOPermission while loading configuration file
> -------------------------------------------------------------------------------------------
>
>          Key: LOG4NET-65
>          URL: http://issues.apache.org/jira/browse/LOG4NET-65
>      Project: Log4net
>         Type: Bug
>   Components: Core
>     Versions: 1.2.9
>     Reporter: Nicko Cadell
>     Assignee: Nicko Cadell
>      Fix For: 1.2.10

>
> If the calling application does not have the PathDiscovery FileIOPermission a SecurityException is generated from the XmlConfiguratorAttribute.Configure method. This is called from the first LoggerManager.GetLogger in a calling assembly.
> The exception should be caught as we may potentially be injecting this exception into user code's class initialisation phase which the user would find unexpected.
> An example stack trace for the exception is:
> [SecurityException: Request for the permission of type 'System.Security.Permissions.FileIOPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.]
>    System.Security.CodeAccessSecurityEngine.Check(Object demand, StackCrawlMark& stackMark, Boolean isPermSet) +0
>    System.Security.CodeAccessPermission.Demand() +59
>    System.AppDomainSetup.VerifyDir(String dir, Boolean normalize) +110
>    System.AppDomain.get_BaseDirectory() +61
>    log4net.Util.SystemInfo.get_ApplicationBaseDirectory() +31
>    log4net.Config.XmlConfiguratorAttribute.Configure(Assembly sourceAssembly, ILoggerRepository targetRepository) +30
>    log4net.Core.DefaultRepositorySelector.ConfigureRepository(Assembly assembly, ILoggerRepository repository) +314
>    log4net.Core.DefaultRepositorySelector.CreateRepository(Assembly repositoryAssembly, Type repositoryType, String repositoryName, Boolean readAssemblyAttributes) +532
>    log4net.Core.DefaultRepositorySelector.CreateRepository(Assembly repositoryAssembly, Type repositoryType) +42
>    log4net.Core.DefaultRepositorySelector.GetRepository(Assembly repositoryAssembly) +80
>    log4net.Core.LoggerManager.GetLogger(Assembly repositoryAssembly, String name) +132
>    log4net.LogManager.GetLogger(Assembly repositoryAssembly, String name) +30
>    log4net.LogManager.GetLogger(String name) +34

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
   http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
   http://www.atlassian.com/software/jira