← Back to team overview

nunit-core team mailing list archive

[Bug 1086975] Re: Security Exception After Upgrading to 2.6.2

 

** Changed in: nunitv2
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of NUnit
Developers, which is subscribed to NUnit V2.
https://bugs.launchpad.net/bugs/1086975

Title:
  Security Exception After Upgrading to 2.6.2

Status in NUnit V2 Test Framework:
  Fix Released

Bug description:
  From the mailing list, reported by Andy Sipe:

  We recently upgraded to 2.6.2 from 2.6.1 and now a few of our top
  level integration tests are experiencing remoting security exceptions.

  In particular we are having this exception thrown when attempting a
  request:

  System.Runtime.Serialization.SerializationException : Because of
  security restrictions, the type System.Runtime.Remoting.ObjRef cannot
  be accessed.

  2.6.1 no problem, 2.6.2 this exception -- no other chnages in the
  source.

  Note that this is occurring in our tests not in the nunit framework
  directly.

  I've included a full stack trace at the end of this message.  I'm not
  sure its going to help a whole lot as it occurs in our test code not
  in the nunit code.  Note that in every case the exception is raised
  when the response is deserialized and that the actual request works as
  expected (server gets hit and executes).   To me it looks like there
  is some new security restriction being applied at a somewhat high
  level that is overriding the defaults.

  I was able to work around the issue by setting the type filter and
  some other security settings in the code that configures the security
  surrounding remoting.   Fortunately we handle all of this outside of
  configuration files or I'm unsure it would have worked as changing
  configuration files seemed to have no impact.    Once I set the type
  filter to full everything worked as expected again.

  For our purposes this will likely work as we don't use remoting
  extensively.   That said there is like some change in 2.6.2 that may
  cause others problems as well.

  Thanks -andy

  
  at System.Runtime.Serialization.FormatterServices.GetSafeUninitializedObject(Type type)
  at System.Runtime.Serialization.Formatters.Binary.ObjectReader.ParseObject(ParseRecord pr)
  at System.Runtime.Serialization.Formatters.Binary.ObjectReader.Parse(ParseRecord pr)
  at System.Runtime.Serialization.Formatters.Binary.__BinaryParser.ReadObjectWithMapTyped(BinaryObjectWithMapTyped record)
  at System.Runtime.Serialization.Formatters.Binary.__BinaryParser.ReadObjectWithMapTyped(BinaryHeaderEnum binaryHeaderEnum)
  at System.Runtime.Serialization.Formatters.Binary.__BinaryParser.Run()
  at System.Runtime.Serialization.Formatters.Binary.ObjectReader.Deserialize(HeaderHandler handler, __BinaryParser serParser, Boolean fCheck, Boolean isCrossAppDomain, IMethodCallMessage methodCallMessage)
  at System.Runtime.Serialization.Formatters.Binary.BinaryFormatter.Deserialize(Stream serializationStream, HeaderHandler handler, Boolean fCheck, Boolean isCrossAppDomain, IMethodCallMessage methodCallMessage)
  at System.Runtime.Remoting.Channels.CoreChannel.DeserializeBinaryRequestMessage(String objectUri, Stream inputStream, Boolean bStrictBinding, TypeFilterLevel securityLevel)
  at System.Runtime.Remoting.Channels.BinaryServerFormatterSink.ProcessMessage(IServerChannelSinkStack sinkStack, IMessage requestMsg, ITransportHeaders requestHeaders, Stream requestStream, IMessage& responseMsg, ITransportHeaders& responseHeaders, Stream& responseStream)

  Exception rethrown at [0]:
  at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
  at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
  ... snip application level frames ....

To manage notifications about this bug go to:
https://bugs.launchpad.net/nunitv2/+bug/1086975/+subscriptions


References