Skip to content
This repository has been archived by the owner on Jan 23, 2023. It is now read-only.
/ corefx Public archive

Add SecurityTransparentAttribute to System.Collections.Immutable #3847

Merged
merged 1 commit into from
Oct 14, 2015

Conversation

AArnott
Copy link

@AArnott AArnott commented Oct 14, 2015

I'm currently soliciting verification results from @NArnott

Fix #3293
Fix #1512


using System.Security;

[assembly: SecurityTransparent]
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@weshaggard, @joshfree, are there any other corefx assemblies we should be doing this with? I'm wondering if we should move this file to src/Common.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm not entirely sure what the implications of this are so I cannot say definitively. Unless someone does some proper test validation and understands the scope I don't think I'm comfortable with blindly doing this.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't think I'm comfortable with blindly doing this

Thanks... just to be clear, are you referring to this specific change to immutable collections, or are you referring to my question about doing it elsewhere as well?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I was referring to the general case. I'm OK with individual libraries adding this if the right testing and security audits are done (i.e. we know we don't call critical code without proper checks and annotations).

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actually thinking a little more I kind of recall @jkotas suggesting we remove all security annotations for our libraries so perhaps he has an opinion on whether we should be marking this transparent or not.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This library (and some of the others in corefx) seem like special cases, though, as they are meant to be usable with runtimes that do enforce security annotations.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Supporting partial trust is not as simple as simple as adding a security transparent annotation.

You have to also make sure that the assembly actually works in partial trust, ie. verify that the security transparent code is not calling security critical code - both statically using secanotate tool, and dynamically (by running tests in environment that enforces security transparency).

Paying for this extra burden would be prohibitive across the board for corefx, paying for it in a few special cases should be ok.

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks, @jkotas. I'll read up on that tool and try to run it against this particular library.

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The secannotate report is clean:

Annotating 'System.Collections.Immutable'.
Beginning pass 1.
Pass complete, 0 new annotation(s) generated.

If I was more comfortable with the build process and knew it would work either cross platform or could constrain it to only happen on Windows, I could wire up secannotate to run as part of the build or test process. But as I think this library is unlikely to make any calls to Critical code, it's probably overkill to guard against introducing such unless the cost is low.

@stephentoub
Copy link
Member

LGTM

stephentoub added a commit that referenced this pull request Oct 14, 2015
Add SecurityTransparentAttribute to System.Collections.Immutable
@stephentoub stephentoub merged commit cce3844 into dotnet:master Oct 14, 2015
@AArnott
Copy link
Author

AArnott commented Oct 14, 2015

@stephentoub I was waiting for @NArnott to sign off on the effectiveness of this fix in a partial trust application prior to merging this.

@stephentoub
Copy link
Member

Oops, my bad. I can revert it out if you'd like.

@AArnott
Copy link
Author

AArnott commented Oct 14, 2015

Let's wait and see what @NArnott says before backing it out. I'm hopeful it will work. :)

@AArnott AArnott deleted the fix3293 branch October 15, 2015 15:27
@karelz karelz modified the milestone: 1.0.0-rtm Dec 3, 2016
picenka21 pushed a commit to picenka21/runtime that referenced this pull request Feb 18, 2022
Add SecurityTransparentAttribute to System.Collections.Immutable

Commit migrated from dotnet/corefx@cce3844
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

7 participants