RE: [Lucene.Net] Medium trust security issue
Richard,

This is because the call to FileSupport.Sync ultimately calls SupportClass.Sync(FileStream), which ends up calling the FlushFileBuffers API function through the P/Invoke layer, which is disallowed in a medium trust environment.

However, this should be mitigated by the fact that you have set the assembly to allow partially trusted callers (are you doing this as a check in to the tree? If so, have you done a full security analysis? Setting this attribute on an assembly as big as Lucene.NET has major security implications).

It would seem to me that you might not have given Lucene.NET a strong name; this is required for AllowPartiallyTrustedCallers to take effect.

This issue was seen by Simone Chiaretta and was discussed in the group a while ago:

http://web.archiveorange.com/archive/v/3k9XU33O4yJyW15fWfMd

However, at the time, Lucene.NET was built on .NET 2.0 (IIRC) and didn't have access to the overload of the Flush method which was used to guarantee everything was flushed to disk:

http://web.archiveorange.com/archive/v/3k9XU33O4yJyW15fWfMd#MhNDlmKgnUj5fOj

Since you are now working in .NET 4.0, you should be able to replace the following code in SupportClass.cs (https://svn.apache.org/repos/asf/incubator/lucene.net/trunk/C%23/src/Lucene.Net/SupportClass.cs):

    public static void Sync(System.IO.FileStream fileStream)
    {
        if (fileStream == null)
            throw new ArgumentNullException("fileStream");

        // Flush the managed buffer first.
        fileStream.Flush();

        // Then force the OS buffers to disk through P/Invoke;
        // these native calls are what medium trust rejects.
        if (OS.IsWindows)
        {
            if (!FlushFileBuffers(fileStream.Handle))
                throw new System.IO.IOException();
        }
        else if (OS.IsUnix)
        {
            if (fsync(fileStream.Handle) != IntPtr.Zero)
                throw new System.IO.IOException();
        }
        else
        {
            throw new NotImplementedException();
        }
    }

With this:

    public static void Sync(System.IO.FileStream fileStream)
    {
        if (fileStream == null)
            throw new ArgumentNullException("fileStream");

        // .NET 4.0 overload: flushToDisk = true also flushes the OS buffers,
        // with no P/Invoke declared in this assembly.
        fileStream.Flush(true);
    }

One could make the argument that this should be taken out of SupportClass and moved into FSDirectory, but that might break some of your line-for-line port code, so best to keep it in SupportClass.

- Nicholas Paldino [.NET/C# MVP]

-----Original Message-----
From: Richard Wilde [mailto:rich...@wildesoft.net]
Sent: Sunday, May 01, 2011 6:01 AM
To: lucene-net-...@incubator.apache.org
Subject: [Lucene.Net] Medium trust security issue

Hi

I am running into problems using Lucene 2.9.2 in a medium trust environment, namely Rackspace cloud. I have added the following line to AssemblyInfo.cs

    [assembly: AllowPartiallyTrustedCallers()]

However the following code produces the error below

    FSDirectory directory = FSDirectory.Open(new DirectoryInfo(Server.MapPath("~/App_Data/LuceneIndex")));
    Analyzer analyzer = new StandardAnalyzer(Version.LUCENE_29);
    var writer = new IndexWriter(directory, analyzer, true, IndexWriter.MaxFieldLength.LIMITED);
    writer.AddDocument(...);
    writer.Optimize();
    writer.Close();

The directory "LuceneIndex" is being created, does anyone have a fix for this?

Security Exception

Description: The application attempted to perform an operation not allowed by the security policy. To grant this application the required permission please contact your system administrator or change the application's trust level in the configuration file.

Exception Details: System.Security.SecurityException: Request failed.

Source Error: An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.

Stack Trace:

    [SecurityException: Request failed.]
    FileSupport.Sync(FileStream fileStream) +0
    Lucene.Net.Store.FSDirectory.Sync(String name) +157
    Lucene.Net.Index.SegmentInfos.FinishCommit(Directory dir) +184
    Lucene.Net.Index.IndexWriter.Init(Directory d, Analyzer a, Boolean create, Boolean closeDir, IndexDeletionPolicy deletionPolicy, Boolean autoCommit, Int32 maxFieldLength, IndexingChain indexingChain, IndexCommit commit) +293
    Lucene.Net.Index.IndexWriter..ctor(Directory d, Analyzer a, Boolean create, MaxFieldLength mfl) +413
    Mvc.Cms.Controller
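An added example, not taken from the thread or from the Lucene.NET code base: a small C# console audit that reflects over an assembly and reports the three things the reply above turns on, namely whether it carries AllowPartiallyTrustedCallers, whether it has a strong name, and which methods are P/Invoke declarations (such as FlushFileBuffers) that need unmanaged-code permission. The class name TrustAudit and the single command-line path argument are assumptions.

```csharp
using System;
using System.Linq;
using System.Reflection;
using System.Runtime.InteropServices;
using System.Security;

// Hypothetical audit helper (not part of Lucene.NET).
static class TrustAudit
{
    const BindingFlags All = BindingFlags.Public | BindingFlags.NonPublic |
        BindingFlags.Static | BindingFlags.Instance | BindingFlags.DeclaredOnly;

    static int Main(string[] args)
    {
        if (args.Length != 1)
        {
            Console.Error.WriteLine("usage: TrustAudit <assembly.dll>");
            return 2;
        }
        Assembly asm = Assembly.LoadFrom(args[0]);

        // An unsigned assembly has an empty public key token.
        byte[] token = asm.GetName().GetPublicKeyToken();
        bool strongNamed = token != null && token.Length > 0;
        bool aptca = asm.IsDefined(typeof(AllowPartiallyTrustedCallersAttribute), false);
        Console.WriteLine("Strong name: {0}, APTCA: {1}", strongNamed, aptca);

        Type[] types;
        try { types = asm.GetTypes(); }
        catch (ReflectionTypeLoadException ex)
        {
            // Some types failed to load (e.g. missing dependency); audit the rest.
            types = ex.Types.Where(t => t != null).ToArray();
        }

        int count = 0;
        foreach (MethodInfo m in types.SelectMany(t => t.GetMethods(All)))
        {
            // PinvokeImpl marks methods declared with [DllImport].
            if ((m.Attributes & MethodAttributes.PinvokeImpl) == 0) continue;
            var import = (DllImportAttribute)m
                .GetCustomAttributes(typeof(DllImportAttribute), false).FirstOrDefault();
            Console.WriteLine("P/Invoke: {0}.{1} -> {2}", m.DeclaringType.FullName,
                m.Name, import != null ? import.Value : "?");
            count++;
        }
        return count == 0 ? 0 : 1; // non-zero exit when native calls are present
    }
}
```

The non-zero exit code lets a build step fail when a P/Invoke declaration is reintroduced into an assembly meant for partial-trust hosting.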
[Lucene.Net] Medium trust security issue
Hi

I am running into problems using Lucene 2.9.2 in a medium trust environment, namely Rackspace cloud. I have added the following line to AssemblyInfo.cs

    [assembly: AllowPartiallyTrustedCallers()]

However the following code produces the error below

    FSDirectory directory = FSDirectory.Open(new DirectoryInfo(Server.MapPath("~/App_Data/LuceneIndex")));
    Analyzer analyzer = new StandardAnalyzer(Version.LUCENE_29);
    var writer = new IndexWriter(directory, analyzer, true, IndexWriter.MaxFieldLength.LIMITED);
    writer.AddDocument(...);
    writer.Optimize();
    writer.Close();

The directory "LuceneIndex" is being created, does anyone have a fix for this?

Security Exception

Description: The application attempted to perform an operation not allowed by the security policy. To grant this application the required permission please contact your system administrator or change the application's trust level in the configuration file.

Exception Details: System.Security.SecurityException: Request failed.

Source Error: An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.

Stack Trace:

    [SecurityException: Request failed.]
    FileSupport.Sync(FileStream fileStream) +0
    Lucene.Net.Store.FSDirectory.Sync(String name) +157
    Lucene.Net.Index.SegmentInfos.FinishCommit(Directory dir) +184
    Lucene.Net.Index.IndexWriter.Init(Directory d, Analyzer a, Boolean create, Boolean closeDir, IndexDeletionPolicy deletionPolicy, Boolean autoCommit, Int32 maxFieldLength, IndexingChain indexingChain, IndexCommit commit) +293
    Lucene.Net.Index.IndexWriter..ctor(Directory d, Analyzer a, Boolean create, MaxFieldLength mfl) +413
    Mvc.Cms.Controllers.LuceneController.Index() +1066
    lambda_method(Closure , ControllerBase , Object[] ) +40
    System.Web.Mvc.ActionMethodDispatcher.Execute(ControllerBase controller, Object[] parameters) +17
    System.Web.Mvc.ReflectedActionDescriptor.Execute(ControllerContext controllerContext, IDictionary`2 parameters) +188
    System.Web.Mvc.ControllerActionInvoker.InvokeActionMethod(ControllerContext controllerContext, ActionDescriptor actionDescriptor, IDictionary`2 parameters) +27
    System.Web.Mvc.<>c__DisplayClass15.b__12() +56
    System.Web.Mvc.ControllerActionInvoker.InvokeActionMethodFilter(IActionFilter filter, ActionExecutingContext preContext, Func`1 continuation) +267
    System.Web.Mvc.<>c__DisplayClass17.b__14() +20
    System.Web.Mvc.ControllerActionInvoker.InvokeActionMethodWithFilters(ControllerContext controllerContext, IList`1 filters, ActionDescriptor actionDescriptor, IDictionary`2 parameters) +190
    System.Web.Mvc.ControllerActionInvoker.InvokeAction(ControllerContext controllerContext, String actionName) +329
    System.Web.Mvc.Controller.ExecuteCore() +115
    System.Web.Mvc.ControllerBase.Execute(RequestContext requestContext) +94
    System.Web.Mvc.ControllerBase.System.Web.Mvc.IController.Execute(RequestContext requestContext) +10
    System.Web.Mvc.<>c__DisplayClassb.b__5() +37
    System.Web.Mvc.Async.<>c__DisplayClass1.b__0() +21
    System.Web.Mvc.Async.<>c__DisplayClass8`1.b__7(IAsyncResult _) +12
    System.Web.Mvc.Async.WrappedAsyncResult`1.End() +55
    System.Web.Mvc.<>c__DisplayClasse.b__d() +31
    System.Web.Mvc.SecurityUtil.b__0(Action f) +7
    System.Web.Mvc.SecurityUtil.ProcessInApplicationTrust(Action action) +23
    System.Web.Mvc.MvcHandler.EndProcessRequest(IAsyncResult asyncResult) +59
    System.Web.Mvc.MvcHandler.System.Web.IHttpAsyncHandler.EndProcessRequest(IAsyncResult result) +9
    System.Web.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +8841105
    System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +184

Version Information: Microsoft .NET Framework Version:4.0.30319; ASP.NET Version:4.0.30319.1

Many Thanks
Rippo