nunit-core team mailing list archive
-
nunit-core team
-
Mailing list archive
-
Message #03782
[Bug 1086975] Re: Security Exception After Upgrading to 2.6.2
Hi,
I'm also experiencing this issue. It seems as though it affects
accessing any object byRef over the remoting channel. Unfortunately, we
don't own the server side of our .NET Remoting and I'm not sure how our
vendor is going to feel about applying the config based fix on their
end.
I upgraded to NUnit 2.6.3 and still experience the issue.
System.Runtime.Serialization.SerializationException - Details Follow:
System.Runtime.Serialization.SerializationException: Because of security restrictions, the type System.Runtime.Remoting.ObjRef cannot be accessed. ---> System.Security.SecurityException: Request failed.
at System.Runtime.Serialization.FormatterServices.nativeGetSafeUninitializedObject(RuntimeType type)
at System.Runtime.Serialization.FormatterServices.GetSafeUninitializedObject(Type type)
The action that failed was:
Demand
The type of the first permission that failed was:
System.Security.Permissions.SecurityPermission
The first permission that failed was:
<IPermission class="System.Security.Permissions.SecurityPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
version="1"
Flags="Infrastructure"/>
The demand was for:
<PermissionSet class="System.Security.PermissionSet"
version="1">
<IPermission class="System.Security.Permissions.SecurityPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
version="1"
Flags="Infrastructure"/>
</PermissionSet>
The only permitted permissions were:
<PermissionSet class="System.Security.PermissionSet"
version="1">
<IPermission class="System.Security.Permissions.SecurityPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
version="1"
Flags="SerializationFormatter"/>
</PermissionSet>
The method that caused the failure was:
System.Runtime.Remoting.Channels.ServerProcessing ProcessMessage(System.Runtime.Remoting.Channels.IServerChannelSinkStack, System.Runtime.Remoting.Messaging.IMessage, System.Runtime.Remoting.Channels.ITransportHeaders, System.IO.Stream, System.Runtime.Remoting.Messaging.IMessage ByRef, System.Runtime.Remoting.Channels.ITransportHeaders ByRef, System.IO.Stream ByRef)
--- End of inner exception stack trace ---
Server stack trace:
at System.Runtime.Serialization.FormatterServices.GetSafeUninitializedObject(Type type)
at System.Runtime.Serialization.Formatters.Binary.ObjectReader.ParseObject(ParseRecord pr)
at System.Runtime.Serialization.Formatters.Binary.ObjectReader.Parse(ParseRecord pr)
at System.Runtime.Serialization.Formatters.Binary.__BinaryParser.ReadObjectWithMapTyped(BinaryObjectWithMapTyped record)
at System.Runtime.Serialization.Formatters.Binary.__BinaryParser.ReadObjectWithMapTyped(BinaryHeaderEnum binaryHeaderEnum)
at System.Runtime.Serialization.Formatters.Binary.__BinaryParser.Run()
at System.Runtime.Serialization.Formatters.Binary.ObjectReader.Deserialize(HeaderHandler handler, __BinaryParser serParser, Boolean fCheck, Boolean isCrossAppDomain, IMethodCallMessage methodCallMessage)
at System.Runtime.Serialization.Formatters.Binary.BinaryFormatter.Deserialize(Stream serializationStream, HeaderHandler handler, Boolean fCheck, Boolean isCrossAppDomain, IMethodCallMessage methodCallMessage)
at System.Runtime.Remoting.Channels.CoreChannel.DeserializeBinaryRequestMessage(String objectUri, Stream inputStream, Boolean bStrictBinding, TypeFilterLevel securityLevel)
at System.Runtime.Remoting.Channels.BinaryServerFormatterSink.ProcessMessage(IServerChannelSinkStack sinkStack, IMessage requestMsg, ITransportHeaders requestHeaders, Stream requestStream, IMessage& responseMsg, ITransportHeaders& responseHeaders, Stream& responseStream)
--
You received this bug notification because you are a member of NUnit
Developers, which is subscribed to NUnit V2.
https://bugs.launchpad.net/bugs/1086975
Title:
Security Exception After Upgrading to 2.6.2
Status in NUnit V2 Test Framework:
Fix Released
Bug description:
From the mailing list, reported by Andy Sipe:
We recently upgraded to 2.6.2 from 2.6.1 and now a few of our top
level integration tests are experiencing remoting security exceptions.
In particular we are having this exception thrown when attempting a
request:
System.Runtime.Serialization.SerializationException : Because of
security restrictions, the type System.Runtime.Remoting.ObjRef cannot
be accessed.
2.6.1 no problem, 2.6.2 this exception -- no other chnages in the
source.
Note that this is occurring in our tests not in the nunit framework
directly.
I've included a full stack trace at the end of this message. I'm not
sure its going to help a whole lot as it occurs in our test code not
in the nunit code. Note that in every case the exception is raised
when the response is deserialized and that the actual request works as
expected (server gets hit and executes). To me it looks like there
is some new security restriction being applied at a somewhat high
level that is overriding the defaults.
I was able to work around the issue by setting the type filter and
some other security settings in the code that configures the security
surrounding remoting. Fortunately we handle all of this outside of
configuration files or I'm unsure it would have worked as changing
configuration files seemed to have no impact. Once I set the type
filter to full everything worked as expected again.
For our purposes this will likely work as we don't use remoting
extensively. That said there is like some change in 2.6.2 that may
cause others problems as well.
Thanks -andy
at System.Runtime.Serialization.FormatterServices.GetSafeUninitializedObject(Type type)
at System.Runtime.Serialization.Formatters.Binary.ObjectReader.ParseObject(ParseRecord pr)
at System.Runtime.Serialization.Formatters.Binary.ObjectReader.Parse(ParseRecord pr)
at System.Runtime.Serialization.Formatters.Binary.__BinaryParser.ReadObjectWithMapTyped(BinaryObjectWithMapTyped record)
at System.Runtime.Serialization.Formatters.Binary.__BinaryParser.ReadObjectWithMapTyped(BinaryHeaderEnum binaryHeaderEnum)
at System.Runtime.Serialization.Formatters.Binary.__BinaryParser.Run()
at System.Runtime.Serialization.Formatters.Binary.ObjectReader.Deserialize(HeaderHandler handler, __BinaryParser serParser, Boolean fCheck, Boolean isCrossAppDomain, IMethodCallMessage methodCallMessage)
at System.Runtime.Serialization.Formatters.Binary.BinaryFormatter.Deserialize(Stream serializationStream, HeaderHandler handler, Boolean fCheck, Boolean isCrossAppDomain, IMethodCallMessage methodCallMessage)
at System.Runtime.Remoting.Channels.CoreChannel.DeserializeBinaryRequestMessage(String objectUri, Stream inputStream, Boolean bStrictBinding, TypeFilterLevel securityLevel)
at System.Runtime.Remoting.Channels.BinaryServerFormatterSink.ProcessMessage(IServerChannelSinkStack sinkStack, IMessage requestMsg, ITransportHeaders requestHeaders, Stream requestStream, IMessage& responseMsg, ITransportHeaders& responseHeaders, Stream& responseStream)
Exception rethrown at [0]:
at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
... snip application level frames ....
To manage notifications about this bug go to:
https://bugs.launchpad.net/nunitv2/+bug/1086975/+subscriptions
References