Posted to user@lucenenet.apache.org by Richard Wilde <ri...@wildesoft.net> on 2011/05/01 17:49:39 UTC

RE: [Lucene.Net] Medium trust security issue

Spot on, fix worked. I had already remarked the offending bit of code out of
the SupportClass.cs file but was unsure of the implications of this.

I have not done a full security analysis and would not know what problems
this would give me further on down the road. 

Thanks for your help and I will have a look into the security as soon as I
understand how I go about it.

Many Thanks
Richard

-----Original Message-----
From: Nicholas Paldino [.NET/C# MVP] [mailto:casperOne@caspershouse.com] 
Sent: 01 May 2011 15:56
To: lucene-net-dev@lucene.apache.org; lucene-net-dev@incubator.apache.org
Subject: RE: [Lucene.Net] Medium trust security issue

Richard,

	This is because the call to FileSupport.Sync ultimately calls
SupportClass.Sync(FileStream) which ends up calling the FlushFileBuffers API
function through the P/Invoke layer, which is disallowed in a medium trust
environment.

	However, this should be mitigated by the fact that you have set the
assembly to allow partially trusted callers (are you doing this as a check
in to the tree?  If so, have you done a full security analysis?  Setting
this attribute on an assembly as big as Lucene.NET has major security
implications).

	It would seem to me that you might not have given Lucene.NET a
strong name; this is required for AllowPartiallyTrustedCallers to take
effect.

	This issue was seen by Simone Chiaretta and was discussed in the
group a while ago:

http://web.archiveorange.com/archive/v/3k9XU33O4yJyW15fWfMd

	However, at the time, Lucene.NET was built on .NET 2.0 (IIRC) and
didn't have access to the overload of the Flush method which was used to
guarantee everything was flushed to disk:

http://web.archiveorange.com/archive/v/3k9XU33O4yJyW15fWfMd#MhNDlmKgnUj5fOj

	Since you are now working in .NET 4.0, you should be able to replace
the following code in SupportClass.cs
(https://svn.apache.org/repos/asf/incubator/lucene.net/trunk/C%23/src/Lucene.Net/SupportClass.cs):

		public static void Sync(System.IO.FileStream fileStream)
		{
			if (fileStream == null)
				throw new ArgumentNullException("fileStream");

			fileStream.Flush();

			if (OS.IsWindows)
			{
				if (!FlushFileBuffers(fileStream.Handle))
					throw new System.IO.IOException();
			}
			else if (OS.IsUnix)
			{
				if (fsync(fileStream.Handle) != IntPtr.Zero)
					throw new System.IO.IOException();
			}
			else
			{
				throw new NotImplementedException();
			}
		}

With this:

		public static void Sync(System.IO.FileStream fileStream)
		{
			if (fileStream == null)
				throw new ArgumentNullException("fileStream");

			fileStream.Flush(true);
		}

One could make the argument that this should be taken out of SupportClass
and moved into FSDirectory, but that might break some of your line-for-line
port code, so best to keep it in SupportClass.

	- Nicholas Paldino [.NET/C# MVP]
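
An added example, not part of the thread and not Lucene.NET code: a small console tool (the name AptcaAudit is hypothetical) that checks the three things raised in the reply above as a starting point for the analysis: whether the assembly has a strong name, whether it carries AllowPartiallyTrustedCallers, and which methods are still P/Invoke declarations. It assumes it is run in full trust, for example on a build machine.

```csharp
// Added example: audit an assembly before deploying it to medium trust.
// Usage (hypothetical tool name): AptcaAudit.exe path\to\Lucene.Net.dll
using System;
using System.Linq;
using System.Reflection;
using System.Security;

static class AptcaAudit
{
    const BindingFlags All = BindingFlags.Public | BindingFlags.NonPublic |
                             BindingFlags.Static | BindingFlags.Instance |
                             BindingFlags.DeclaredOnly;

    static int Main(string[] args)
    {
        if (args.Length != 1)
        {
            Console.Error.WriteLine("usage: AptcaAudit <assembly path>");
            return 2;
        }
        Assembly asm = Assembly.LoadFrom(args[0]);

        // A strong-named assembly has a non-empty public key token.
        byte[] token = asm.GetName().GetPublicKeyToken();
        bool strongNamed = token != null && token.Length > 0;
        bool aptca = asm.IsDefined(typeof(AllowPartiallyTrustedCallersAttribute), false);
        Console.WriteLine("Strong name: {0}", strongNamed);
        Console.WriteLine("APTCA:       {0}", aptca);

        Type[] types;
        try { types = asm.GetTypes(); }
        catch (ReflectionTypeLoadException ex)
        {
            // Some types failed to load (missing dependency); audit the rest.
            types = ex.Types.Where(t => t != null).ToArray();
        }

        // Methods declared with [DllImport] carry the PinvokeImpl flag. Calling
        // them needs unmanaged-code permission, which medium trust does not grant.
        int count = 0;
        foreach (Type t in types)
            foreach (MethodInfo m in t.GetMethods(All))
                if ((m.Attributes & MethodAttributes.PinvokeImpl) != 0)
                {
                    Console.WriteLine("P/Invoke: {0}.{1}", t.FullName, m.Name);
                    count++;
                }

        // Non-zero exit code while P/Invoke declarations remain in the assembly.
        return count == 0 ? 0 : 1;
    }
}
```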
	
-----Original Message-----
From: Richard Wilde [mailto:richard@wildesoft.net] 
Sent: Sunday, May 01, 2011 6:01 AM
To: lucene-net-dev@incubator.apache.org
Subject: [Lucene.Net] Medium trust security issue

Hi

I am running into problems using Lucene 2.9.2 in a medium trust
environment, namely Rackspace cloud. I have added the following line to
AssemblyInfo.cs

[assembly: AllowPartiallyTrustedCallers()]

However the following code produces the error below

    FSDirectory directory = FSDirectory.Open(new DirectoryInfo(Server.MapPath("~/App_Data/LuceneIndex")));
    Analyzer analyzer = new StandardAnalyzer(Version.LUCENE_29);

    var writer = new IndexWriter(directory, analyzer, true, IndexWriter.MaxFieldLength.LIMITED);
    writer.AddDocument(...);

    writer.Optimize();
    writer.Close();

 

The directory "LuceneIndex" is being created, does anyone have a fix for
this?

Security Exception

Description: The application attempted to perform an operation not allowed
by the security policy.  To grant this application the required permission
please contact your system administrator or change the application's trust
level in the configuration file. 

Exception Details: System.Security.SecurityException: Request failed.

Source Error: 


An unhandled exception was generated during the execution of the current web
request. Information regarding the origin and location of the exception can
be identified using the exception stack trace below.


Stack Trace:

[SecurityException: Request failed.]
   FileSupport.Sync(FileStream fileStream) +0
   Lucene.Net.Store.FSDirectory.Sync(String name) +157
   Lucene.Net.Index.SegmentInfos.FinishCommit(Directory dir) +184
   Lucene.Net.Index.IndexWriter.Init(Directory d, Analyzer a, Boolean create, Boolean closeDir, IndexDeletionPolicy deletionPolicy, Boolean autoCommit, Int32 maxFieldLength, IndexingChain indexingChain, IndexCommit commit) +293
   Lucene.Net.Index.IndexWriter..ctor(Directory d, Analyzer a, Boolean create, MaxFieldLength mfl) +413
   Mvc.Cms.Controllers.LuceneController.Index() +1066
   lambda_method(Closure , ControllerBase , Object[] ) +40
   System.Web.Mvc.ActionMethodDispatcher.Execute(ControllerBase controller, Object[] parameters) +17
   System.Web.Mvc.ReflectedActionDescriptor.Execute(ControllerContext controllerContext, IDictionary`2 parameters) +188
   System.Web.Mvc.ControllerActionInvoker.InvokeActionMethod(ControllerContext controllerContext, ActionDescriptor actionDescriptor, IDictionary`2 parameters) +27
   System.Web.Mvc.<>c__DisplayClass15.<InvokeActionMethodWithFilters>b__12() +56
   System.Web.Mvc.ControllerActionInvoker.InvokeActionMethodFilter(IActionFilter filter, ActionExecutingContext preContext, Func`1 continuation) +267
   System.Web.Mvc.<>c__DisplayClass17.<InvokeActionMethodWithFilters>b__14() +20
   System.Web.Mvc.ControllerActionInvoker.InvokeActionMethodWithFilters(ControllerContext controllerContext, IList`1 filters, ActionDescriptor actionDescriptor, IDictionary`2 parameters) +190
   System.Web.Mvc.ControllerActionInvoker.InvokeAction(ControllerContext controllerContext, String actionName) +329
   System.Web.Mvc.Controller.ExecuteCore() +115
   System.Web.Mvc.ControllerBase.Execute(RequestContext requestContext) +94
   System.Web.Mvc.ControllerBase.System.Web.Mvc.IController.Execute(RequestContext requestContext) +10
   System.Web.Mvc.<>c__DisplayClassb.<BeginProcessRequest>b__5() +37
   System.Web.Mvc.Async.<>c__DisplayClass1.<MakeVoidDelegate>b__0() +21
   System.Web.Mvc.Async.<>c__DisplayClass8`1.<BeginSynchronous>b__7(IAsyncResult _) +12
   System.Web.Mvc.Async.WrappedAsyncResult`1.End() +55
   System.Web.Mvc.<>c__DisplayClasse.<EndProcessRequest>b__d() +31
   System.Web.Mvc.SecurityUtil.<GetCallInAppTrustThunk>b__0(Action f) +7
   System.Web.Mvc.SecurityUtil.ProcessInApplicationTrust(Action action) +23
   System.Web.Mvc.MvcHandler.EndProcessRequest(IAsyncResult asyncResult) +59
   System.Web.Mvc.MvcHandler.System.Web.IHttpAsyncHandler.EndProcessRequest(IAsyncResult result) +9
   System.Web.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +8841105
   System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +184

Version Information: Microsoft .NET Framework Version:4.0.30319; ASP.NET Version:4.0.30319.1

 

Many Thanks
Rippo