ASP.Net Application Trust Medium File IO Outside Virtual Directory

Posted by Trey Gramann on Stack Overflow See other posts from Stack Overflow or by Trey Gramann
Published on 2009-09-23T17:08:36Z Indexed on 2010/04/11 21:03 UTC
Read the original article Hit count: 701

I am trying to determine how suicidal this is...

I have a hosting environment where a custom ASP.Net CMS application needs to access the files in the root folder of a website even though it is in a virtual folder so it can be shared accross many sites. I can modify the Medium trust on the server and came up with this...

<IPermission class="FileIOPermission" version="1"
Read="$AppDir$;$AppDir$\.."
Write="$AppDir$;$AppDir$\.."
Append="$AppDir$;$AppDir$\.."
PathDiscovery="$AppDir$;$AppDir$\.."/>

Oddly enough, it works. Yes, I understand it is doing this for all the Apps.

I am a bit at a loss as to easy ways to test what else is being exposed. Feels dangerous. Opinions?

© Stack Overflow or respective owner

Related posts about virtual-directory

Related posts about medium-trust