请问这个安全警告均值（.NET Process类）？ [英] what does this security warning mean (.Net Process class)?

问题描述

我使用VSTS 2008 + NET 2.0 + C＃。而且我编译运行后，code分析。我得到了以下令人困惑的安全警告。这里是预警和相关code，任何想法有什么不好？如果有安全警告，如何解决它？

I am using VSTS 2008 + .Net 2.0 + C#. And I am running Code Analysis after build. I got the following confusing security warning. Here is the warning and related code, any ideas what is wrong? If there is security warning, how to fix it?

System.Diagnostics.Process myProcess = new System.Diagnostics.Process();
myProcess.StartInfo.FileName = "IExplore.exe";
myProcess.StartInfo.Arguments = @"default.html";
myProcess.StartInfo.Verb = "runas";
myProcess.Start();

警告：CA2122：Microsoft.Security：TestHtml（）'调用到'的Process.Start（）'具有的LinkDemand。通过这个电话，的Process.Start（）'是间接接触到用户的code。检查可能暴露的方式来绕过安全防护以下调用堆栈：

warning : CA2122 : Microsoft.Security : 'TestHtml()' calls into 'Process.Start()' which has a LinkDemand. By making this call, 'Process.Start()' is indirectly exposed to user code. Review the following call stack that might expose a way to circumvent security protection:

推荐答案

您的方法调用美孚调用到它是由一个链接要求保护的的Process.Start 完全信任。为了避免FxCop的警告你这个问题，你应该添加一个链接需求或完整需求相同的权限，以你的方法。

Your method calls Foo that calls into a Process.Start which is protected by a link demand for Full Trust. In order to avoid the problem that FxCop is warning you about, you should add a link demand or full demand for the same permissions to your method.

您可以通过添加到您的方法解决这个问题。

You can fix it by adding to your method

[PermissionSetAttribute(SecurityAction.LinkDemand, Name="FullTrust")]

请参阅<一href="http://msdn.microsoft.com/en-us/library/970x52db.aspx">http://msdn.microsoft.com/en-us/library/970x52db.aspx

这篇关于请问这个安全警告均值（.NET Process类）？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！