ASP.Net Application Trust Medium File IO Outside Virtual Directory
Posted
by Trey Gramann
on Stack Overflow
See other posts from Stack Overflow
or by Trey Gramann
Published on 2009-09-23T17:08:36Z
Indexed on
2010/04/11
21:03 UTC
Read the original article
Hit count: 701
I am trying to determine how suicidal this is...
I have a hosting environment where a custom ASP.Net CMS application needs to access the files in the root folder of a website even though it is in a virtual folder so it can be shared accross many sites. I can modify the Medium trust on the server and came up with this...
<IPermission class="FileIOPermission" version="1"
Read="$AppDir$;$AppDir$\.."
Write="$AppDir$;$AppDir$\.."
Append="$AppDir$;$AppDir$\.."
PathDiscovery="$AppDir$;$AppDir$\.."/>
Oddly enough, it works. Yes, I understand it is doing this for all the Apps.
I am a bit at a loss as to easy ways to test what else is being exposed. Feels dangerous. Opinions?
© Stack Overflow or respective owner