← Back to team overview

nunit-core team mailing list archive

  1. nunit-core team
  2. Mailing list archive
  3. Message #03350

[Bug 1086975] [NEW] Security Exception After Upgrading to 2.6.2

  Thread PreviousDate PreviousThread Next 
Public bug reported:

>From the mailing list, reported by Andy Sipe:

We recently upgraded to 2.6.2 from 2.6.1 and now a few of our top level
integration tests are experiencing remoting security exceptions.

In particular we are having this exception thrown when attempting a
request:

System.Runtime.Serialization.SerializationException : Because of
security restrictions, the type System.Runtime.Remoting.ObjRef cannot be
accessed.

2.6.1 no problem, 2.6.2 this exception -- no other chnages in the
source.

Note that this is occurring in our tests not in the nunit framework
directly.

I've included a full stack trace at the end of this message.  I'm not
sure its going to help a whole lot as it occurs in our test code not in
the nunit code.  Note that in every case the exception is raised when
the response is deserialized and that the actual request works as
expected (server gets hit and executes).   To me it looks like there is
some new security restriction being applied at a somewhat high level
that is overriding the defaults.

I was able to work around the issue by setting the type filter and some
other security settings in the code that configures the security
surrounding remoting.   Fortunately we handle all of this outside of
configuration files or I'm unsure it would have worked as changing
configuration files seemed to have no impact.    Once I set the type
filter to full everything worked as expected again.

For our purposes this will likely work as we don't use remoting
extensively.   That said there is like some change in 2.6.2 that may
cause others problems as well.

Thanks -andy


at System.Runtime.Serialization.FormatterServices.GetSafeUninitializedObject(Type type)
at System.Runtime.Serialization.Formatters.Binary.ObjectReader.ParseObject(ParseRecord pr)
at System.Runtime.Serialization.Formatters.Binary.ObjectReader.Parse(ParseRecord pr)
at System.Runtime.Serialization.Formatters.Binary.__BinaryParser.ReadObjectWithMapTyped(BinaryObjectWithMapTyped record)
at System.Runtime.Serialization.Formatters.Binary.__BinaryParser.ReadObjectWithMapTyped(BinaryHeaderEnum binaryHeaderEnum)
at System.Runtime.Serialization.Formatters.Binary.__BinaryParser.Run()
at System.Runtime.Serialization.Formatters.Binary.ObjectReader.Deserialize(HeaderHandler handler, __BinaryParser serParser, Boolean fCheck, Boolean isCrossAppDomain, IMethodCallMessage methodCallMessage)
at System.Runtime.Serialization.Formatters.Binary.BinaryFormatter.Deserialize(Stream serializationStream, HeaderHandler handler, Boolean fCheck, Boolean isCrossAppDomain, IMethodCallMessage methodCallMessage)
at System.Runtime.Remoting.Channels.CoreChannel.DeserializeBinaryRequestMessage(String objectUri, Stream inputStream, Boolean bStrictBinding, TypeFilterLevel securityLevel)
at System.Runtime.Remoting.Channels.BinaryServerFormatterSink.ProcessMessage(IServerChannelSinkStack sinkStack, IMessage requestMsg, ITransportHeaders requestHeaders, Stream requestStream, IMessage& responseMsg, ITransportHeaders& responseHeaders, Stream& responseStream)

Exception rethrown at [0]:
at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
... snip application level frames ....

** Affects: nunitv2
     Importance: Undecided
     Assignee: Simone Busoli (simone.busoli)
         Status: Confirmed

** Changed in: nunitv2
       Status: New => Confirmed

** Changed in: nunitv2
     Assignee: (unassigned) => Simone Busoli (simone.busoli)

-- 
You received this bug notification because you are a member of NUnit
Developers, which is subscribed to NUnit V2.
https://bugs.launchpad.net/bugs/1086975

Title:
  Security Exception After Upgrading to 2.6.2

Status in NUnit V2 Test Framework:
  Confirmed

Bug description:
  From the mailing list, reported by Andy Sipe:

  We recently upgraded to 2.6.2 from 2.6.1 and now a few of our top
  level integration tests are experiencing remoting security exceptions.

  In particular we are having this exception thrown when attempting a
  request:

  System.Runtime.Serialization.SerializationException : Because of
  security restrictions, the type System.Runtime.Remoting.ObjRef cannot
  be accessed.

  2.6.1 no problem, 2.6.2 this exception -- no other chnages in the
  source.

  Note that this is occurring in our tests not in the nunit framework
  directly.

  I've included a full stack trace at the end of this message.  I'm not
  sure its going to help a whole lot as it occurs in our test code not
  in the nunit code.  Note that in every case the exception is raised
  when the response is deserialized and that the actual request works as
  expected (server gets hit and executes).   To me it looks like there
  is some new security restriction being applied at a somewhat high
  level that is overriding the defaults.

  I was able to work around the issue by setting the type filter and
  some other security settings in the code that configures the security
  surrounding remoting.   Fortunately we handle all of this outside of
  configuration files or I'm unsure it would have worked as changing
  configuration files seemed to have no impact.    Once I set the type
  filter to full everything worked as expected again.

  For our purposes this will likely work as we don't use remoting
  extensively.   That said there is like some change in 2.6.2 that may
  cause others problems as well.

  Thanks -andy

  
  at System.Runtime.Serialization.FormatterServices.GetSafeUninitializedObject(Type type)
  at System.Runtime.Serialization.Formatters.Binary.ObjectReader.ParseObject(ParseRecord pr)
  at System.Runtime.Serialization.Formatters.Binary.ObjectReader.Parse(ParseRecord pr)
  at System.Runtime.Serialization.Formatters.Binary.__BinaryParser.ReadObjectWithMapTyped(BinaryObjectWithMapTyped record)
  at System.Runtime.Serialization.Formatters.Binary.__BinaryParser.ReadObjectWithMapTyped(BinaryHeaderEnum binaryHeaderEnum)
  at System.Runtime.Serialization.Formatters.Binary.__BinaryParser.Run()
  at System.Runtime.Serialization.Formatters.Binary.ObjectReader.Deserialize(HeaderHandler handler, __BinaryParser serParser, Boolean fCheck, Boolean isCrossAppDomain, IMethodCallMessage methodCallMessage)
  at System.Runtime.Serialization.Formatters.Binary.BinaryFormatter.Deserialize(Stream serializationStream, HeaderHandler handler, Boolean fCheck, Boolean isCrossAppDomain, IMethodCallMessage methodCallMessage)
  at System.Runtime.Remoting.Channels.CoreChannel.DeserializeBinaryRequestMessage(String objectUri, Stream inputStream, Boolean bStrictBinding, TypeFilterLevel securityLevel)
  at System.Runtime.Remoting.Channels.BinaryServerFormatterSink.ProcessMessage(IServerChannelSinkStack sinkStack, IMessage requestMsg, ITransportHeaders requestHeaders, Stream requestStream, IMessage& responseMsg, ITransportHeaders& responseHeaders, Stream& responseStream)

  Exception rethrown at [0]:
  at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
  at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
  ... snip application level frames ....

To manage notifications about this bug go to:
https://bugs.launchpad.net/nunitv2/+bug/1086975/+subscriptions

Follow ups

References

  Thread PreviousDate PreviousThread Next