|
dev
newsgroups
|
|||||||||||||||||||||||
|
|||||||||||||||||||||||
LoadFrom() and probing pathsAssembly.LoadFrom. I noticed that Assembly.LoadFrom (and Activator.CreateInstanceFrom) seems to extend the probing directory list. i.e. the private probe paths seem to include both AppDomain.ApplicationBase and the directory specified in the LoadFrom call. I would have expected it would be more secure to override ApplicationBase. For example, given the following files: APP\APP.exe APP\Manager.dll RULES\MgrUtil.dll RULES\rule.dll Where Manager.dll has a reference to MgrUtil.dll. If I create an AppDomain whose ApplicationBase is RULES that uses Assembly.LoadFrom("..\Manager.dll") the load works. I would have expected it to only work if MgrUtil.dll was in APP, despite RULES being a subdirectory of APP. Adding RULES to the probing list would be easy; I just didn't expect the default behaviour to not require it. Security/permissions and expansion of relative paths have not been shown. Is this by design? Hi Peter,
>If I create an AppDomain whose ApplicationBase is Based on my understanding, you concern about the directory which specified >Assembly.LoadFrom("..\Manager.dll") the load works. >I would have expected it to only work if MgrUtil.dll was >in APP, despite RULES being a subdirectory of APP. in the AppDomainSetup.ApplicationBase property should not be add it into the probing paths, or it may need more security/permissions requirement on it. Please let me know if I have misunderstood anything. AFAIK, the directory specified in the AppDomainSetup.ApplicationBase property would be the location where the assembly manager begins probing for assemblies. I think such a probing path behavior is as expected. Thanks! Best regards, Gary Chang Microsoft Community Support ====================================================== PLEASE NOTE the newsgroup SECURE CODE and PASSWORD will be updated at 9:00 AM PST, February 14, 2006. Please complete a re-registration process by entering the secure code mmpng06 when prompted. Once you have entered the secure code mmpng06, you will be able to update your profile and access the partner newsgroups. ====================================================== When responding to posts, please "Reply to Group" via your newsreader so that others may learn and benefit from this issue. ====================================================== This posting is provided "AS IS" with no warranties, and confers no rights. ====================================================== You don't sound very certain.
Show quote > Hi Peter, > > >If I create an AppDomain whose ApplicationBase is > >Assembly.LoadFrom("..\Manager.dll") the load works. > >I would have expected it to only work if MgrUtil.dll was > >in APP, despite RULES being a subdirectory of APP. > > Based on my understanding, you concern about the directory which specified > in the AppDomainSetup.ApplicationBase property should not be add it into > the probing paths, or it may need more security/permissions requirement on > it. Please let me know if I have misunderstood anything. > > AFAIK, the directory specified in the AppDomainSetup.ApplicationBase > property would be the location where the assembly manager begins probing > for assemblies. I think such a probing path behavior is as expected. > > > Thanks! > > Best regards, > > Gary Chang > Microsoft Community Support > ====================================================== > PLEASE NOTE the newsgroup SECURE CODE and PASSWORD will be updated at 9:00 > AM PST, February 14, 2006. Please complete a re-registration process by > entering the secure code mmpng06 when prompted. Once you have entered the > secure code mmpng06, you will be able to update your profile and access the > partner newsgroups. > ====================================================== > When responding to posts, please "Reply to Group" via your newsreader so > that others may learn and benefit from this issue. > ====================================================== > This posting is provided "AS IS" with no warranties, and confers no rights. > ====================================================== > > Hi Peter,
>You don't sound very certain. I am afraid that's my favorite tone.Thanks for your understanding! Best regards, Gary Chang Microsoft Community Support ====================================================== PLEASE NOTE the newsgroup SECURE CODE and PASSWORD will be updated at 9:00 AM PST, February 14, 2006. Please complete a re-registration process by entering the secure code mmpng06 when prompted. Once you have entered the secure code mmpng06, you will be able to update your profile and access the partner newsgroups. ====================================================== When responding to posts, please "Reply to Group" via your newsreader so that others may learn and benefit from this issue. ====================================================== This posting is provided "AS IS" with no warranties, and confers no rights. ======================================================  |
|||||||||||||||||||||||
Other interesting topics