RE: [Lucene.Net] Medium trust security issue
Richard,
This is because the call to FileSupport.Sync ultimately calls
SupportClass.Sync(FileStream) which ends up calling the FlushFileBuffers API
function through the P/Invoke layer, which is disallowed in medium trust
environment.
However, this should be mitigated by the fact that you have set the
assembly to allow partially trusted callers (are you doing this as a check
in to the tree? If so, have you done a full security analysis? Setting
this attribute on an assembly as big as Lucene.NET has major security
implications).
It would seem to me that you might not have given Lucene.NET a
strong name; this is required for AllowPartiallyTrustedCallers to take
effect.
This issue was seen by Simone Chiaretta and was discussed in the
group a while ago:
http://web.archiveorange.com/archive/v/3k9XU33O4yJyW15fWfMd
However, at the time, Lucene.NET was built on .NET 2.0 (IIRC) and
didn't have access to the overload of the Flush method which was used to
guarantee everything was flushed to disk:
http://web.archiveorange.com/archive/v/3k9XU33O4yJyW15fWfMd#MhNDlmKgnUj5fOj
Since you are now working in .NET 4.0, you should be able to replace
the following code in SupportClass.cs
(https://svn.apache.org/repos/asf/incubator/lucene.net/trunk/C%23/src/Lucene
.Net/SupportClass.cs):
public static void Sync(System.IO.FileStream fileStream)
{
if (fileStream == null)
throw new
ArgumentNullException("fileStream");
fileStream.Flush();
if (OS.IsWindows)
{
if (!FlushFileBuffers(fileStream.Handle))
throw new System.IO.IOException();
}
else if (OS.IsUnix)
{
if (fsync(fileStream.Handle) != IntPtr.Zero)
throw new System.IO.IOException();
}
else
{
throw new NotImplementedException();
}
}
With this:
public static void Sync(System.IO.FileStream fileStream)
{
if (fileStream == null)
throw new
ArgumentNullException("fileStream");
fileStream.Flush(true);
}
One could make the argument that this should be taken out of SupportClass
and moved into FSDirectory, but that might break some of your line-for-line
port code, so best to keep it in SupportClass.
- Nicholas Paldino [.NET/C# MVP]
-Original Message-
From: Richard Wilde [mailto:rich...@wildesoft.net]
Sent: Sunday, May 01, 2011 6:01 AM
To: lucene-net-...@incubator.apache.org
Subject: [Lucene.Net] Medium trust security issue
Hi
I am running into problems using Lucence 2.9.2 in a medium trust
environment, namely Rackspace cloud. I have added the following line to
assembleyinfo.cs
[assembly: AllowPartiallyTrustedCallers()]
However the following code produces the error below
FSDirectory directory = FSDirectory.Open(new
DirectoryInfo(Server.MapPath("~/App_Data/LuceneIndex")));
Analyzer analyzer = new
StandardAnalyzer(Version.LUCENE_29);
var writer = new IndexWriter(directory, analyzer, true,
IndexWriter.MaxFieldLength.LIMITED);
writer.AddDocument(...);
writer.Optimize();
writer.Close();
The directory "LuceneIndex" is being created, does anyone have a fix for
this?
Security Exception
Description: The application attempted to perform an operation not allowed
by the security policy. To grant this application the required permission
please contact your system administrator or change the application's trust
level in the configuration file.
Exception Details: System.Security.SecurityException: Request failed.
Source Error:
An unhandled exception was generated during the execution of the current web
request. Information regarding the origin and location of the exception can
be identified using the exception stack trace below.
Stack Trace:
[SecurityException: Request failed.]
FileSupport.Sync(FileStream fileStream) +0
Lucene.Net.Store.FSDirectory.Sync(String name) +157
Lucene.Net.Index.SegmentInfos.FinishCommit(Directory dir) +184
Lucene.Net.Index.IndexWriter.Init(Directory d, Analyzer a, Boolean
create, Boolean closeDir, IndexDeletionPolicy deletionPolicy, Boolean
autoCommit, Int32 maxFieldLength, IndexingChain indexingChain, IndexCommit
commit) +293
Lucene.Net.Index.IndexWriter..ctor(Directory d, Analyzer a, Boolean
create, MaxFieldLength mfl) +413
Mvc.Cms.Controller
[Lucene.Net] Medium trust security issue
Hi
I am running into problems using Lucence 2.9.2 in a medium trust
environment, namely Rackspace cloud. I have added the following line to
assembleyinfo.cs
[assembly: AllowPartiallyTrustedCallers()]
However the following code produces the error below
FSDirectory directory = FSDirectory.Open(new
DirectoryInfo(Server.MapPath("~/App_Data/LuceneIndex")));
Analyzer analyzer = new
StandardAnalyzer(Version.LUCENE_29);
var writer = new IndexWriter(directory, analyzer, true,
IndexWriter.MaxFieldLength.LIMITED);
writer.AddDocument(...);
writer.Optimize();
writer.Close();
The directory "LuceneIndex" is being created, does anyone have a fix for
this?
Security Exception
Description: The application attempted to perform an operation not allowed
by the security policy. To grant this application the required permission
please contact your system administrator or change the application's trust
level in the configuration file.
Exception Details: System.Security.SecurityException: Request failed.
Source Error:
An unhandled exception was generated during the execution of the current web
request. Information regarding the origin and location of the exception can
be identified using the exception stack trace below.
Stack Trace:
[SecurityException: Request failed.]
FileSupport.Sync(FileStream fileStream) +0
Lucene.Net.Store.FSDirectory.Sync(String name) +157
Lucene.Net.Index.SegmentInfos.FinishCommit(Directory dir) +184
Lucene.Net.Index.IndexWriter.Init(Directory d, Analyzer a, Boolean
create, Boolean closeDir, IndexDeletionPolicy deletionPolicy, Boolean
autoCommit, Int32 maxFieldLength, IndexingChain indexingChain, IndexCommit
commit) +293
Lucene.Net.Index.IndexWriter..ctor(Directory d, Analyzer a, Boolean
create, MaxFieldLength mfl) +413
Mvc.Cms.Controllers.LuceneController.Index() +1066
lambda_method(Closure , ControllerBase , Object[] ) +40
System.Web.Mvc.ActionMethodDispatcher.Execute(ControllerBase controller,
Object[] parameters) +17
System.Web.Mvc.ReflectedActionDescriptor.Execute(ControllerContext
controllerContext, IDictionary`2 parameters) +188
System.Web.Mvc.ControllerActionInvoker.InvokeActionMethod(ControllerContext
controllerContext, ActionDescriptor actionDescriptor, IDictionary`2
parameters) +27
System.Web.Mvc.<>c__DisplayClass15.b__12()
+56
System.Web.Mvc.ControllerActionInvoker.InvokeActionMethodFilter(IActionFilte
r filter, ActionExecutingContext preContext, Func`1 continuation) +267
System.Web.Mvc.<>c__DisplayClass17.b__14()
+20
System.Web.Mvc.ControllerActionInvoker.InvokeActionMethodWithFilters(Control
lerContext controllerContext, IList`1 filters, ActionDescriptor
actionDescriptor, IDictionary`2 parameters) +190
System.Web.Mvc.ControllerActionInvoker.InvokeAction(ControllerContext
controllerContext, String actionName) +329
System.Web.Mvc.Controller.ExecuteCore() +115
System.Web.Mvc.ControllerBase.Execute(RequestContext requestContext) +94
System.Web.Mvc.ControllerBase.System.Web.Mvc.IController.Execute(RequestCont
ext requestContext) +10
System.Web.Mvc.<>c__DisplayClassb.b__5() +37
System.Web.Mvc.Async.<>c__DisplayClass1.b__0() +21
System.Web.Mvc.Async.<>c__DisplayClass8`1.b__7(IAsyncResul
t _) +12
System.Web.Mvc.Async.WrappedAsyncResult`1.End() +55
System.Web.Mvc.<>c__DisplayClasse.b__d() +31
System.Web.Mvc.SecurityUtil.b__0(Action f) +7
System.Web.Mvc.SecurityUtil.ProcessInApplicationTrust(Action action) +23
System.Web.Mvc.MvcHandler.EndProcessRequest(IAsyncResult asyncResult) +59
System.Web.Mvc.MvcHandler.System.Web.IHttpAsyncHandler.EndProcessRequest(IAs
yncResult result) +9
System.Web.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionSte
p.Execute() +8841105
System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean&
completedSynchronously) +184
_
Version Information: Microsoft .NET Framework Version:4.0.30319; ASP.NET
Version:4.0.30319.1
Many Thanks
Rippo
