Dangerous Permissions and Policy Administration

 

Several of the protected operations for which the .NET Framework provides permissions can potentially allow the security system to be circumvented. These dangerous permissions should be given only to trustworthy code, and then only as necessary. There is usually no defense against malicious code if it is granted these permissions.

System_CAPS_ICON_note.jpg Note

In the .NET Framework 4, there have been important changes to the .NET Framework security model and terminology. For more information about these changes, see Security Changes.

The dangerous permissions are explained in the following table.

PermissionPotential risk
SecurityPermission
UnmanagedCodeAllows managed code to call into unmanaged code, which is often dangerous.
SkipVerificationWithout verification, the code can do anything.
ControlEvidenceInvalidated evidence can fool security policy.
ControlPolicyThe ability to modify security policy can disable security.
SerializationFormatterThe use of serialization can circumvent accessibility mechanisms. For details, see Security and Serialization.
ControlPrincipalThe ability to set the current principal can trick role-based security.
ControlThreadManipulation of threads is dangerous because of the security state associated with threads.
ReflectionPermission
MemberAccessExceptionCan use private members to defeat accessibility mechanisms.

Secure Coding Guidelines

Show: