-
Notifications
You must be signed in to change notification settings - Fork 4.9k
Strip out SecurityCritical attributes #14383
Conversation
They don't have any function in Core. Stripped via regex: ^.*\[(System\.Security\.)?Security(Safe)?Critical(Attribute)?\](\s*//.*|\s*)$[\r\n]*
@@ -252,15 +248,12 @@ internal static class Win32Native | |||
private const string CoreLocalizationApiSet = "kernel32.dll"; | |||
#endif | |||
|
|||
[System.Security.SecuritySafeCritical] | |||
// Gets an error message for a Win32 error code. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nit: Do we want to keep this comment?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'll put it back
There are still some remaining attributes that don't match this regex, e.g. Also, is any of this code compiled into assemblies meant to run on desktop? I'm wondering if we need to not strip them from certain files/libs because they're still necessary there. Otherwise, LGTM. |
Most. I wanted to validate the build process to begin with. I'll find the stragglers in another change.
Hmm. I'm trying to envision how that might work/not work and whether or not we care about the NetStandard on limited-trust desktop. I would assume that we're horribly broken if this matters- we're not testing that scenario afaik. My personal feeling is to make NS on desktop a non-goal. Having to float security attributes through peoples libraries for "full" compatibility sounds like a nightmare to support and having them around adds confusion. |
Immutable and Compression are the tricky ones. @jkotas in https://github.com/dotnet/corefx/issues/12592 described the criteria. |
What about AllowPartiallyTrustedCallers and SecurityTransparent? |
Heh, I didn't notice there was an existing issue. I've taken it and I'll finish this up. |
Slightly related ....but stripping out these [SecurityCritical] attributes will make things like fixing #11100 impossible. Because one solution to fixing #11100 is to add back a ton of these attributes for the cross-compile (for .NET Framework build) of System.Net.Http since it is OOB'd on Desktop. |
But only for OOB packages. The packages that don't ship as OOB (i.e. won't ever run on Desktop), which is majority, don't need the attributes. |
My comment above was more about reacting to this comment in the thread:
|
The OOB should compile (and run) against Desktop targeting pack (whatever the terminology is), so the attributes at least don't leak into non-OOB packages. |
I pulled it back out until there is a full understanding of what exactly should be done. To be clear- I'm not against having attributes in if they are blocking scenarios people are actually using. |
Removing attributes may break these assemblies on desktop in all cases. Even for full trust scenarios, the attributes are enforced by the desktop runtime and cannot be disabled. |
Assemblies which are shipping in .NET Core only are not meant to run on Desktop runtime. |
@karelz Agreed... The #if OOB idea is ok, though since these are no-ops on .NET Core, leaving them in is equivalent. I just meant that if any of these run outside of .NET Core, we still need attributes. |
My problem with leaving the no-ops in is that it is confusing and we have no mechanism for maintaining them. Do we have a list of what is OOB and what is not? |
Exactly, the maintenance problem is a huge problem (new APIs won't have the attributes) and the confusion doesn't help either. @weshaggard @ericstj do we have list of OOBs in CoreFX repo? |
We don't have a list exactly but any of the libraries that have source code for netfx* builds (and not just pure facades) are ones that are interesting. We could pretty easily produce a list based on that logic. |
Presumably anything which is part of/a dependency of NETStandard.Library is likely to end up running on desktop at some point. |
@gulbanana that's not the plan. Changes from .NET Core will be eventually ported to Desktop ("full" Framework), but the source code won't likely be used on Desktop directly. |
@weshaggard do you have hint how to 'findstr' all of them? I think I can just look at ImmutableCollections or Metadata and guess it from there - will try it later. |
Unfortunately I don't think findstr is going to be the best tool for this job. It will find things that are directly targeting desktop but not things that are indirectly targeting desktop via netstandard/PCL. @ericstj do you have an cheap cleaver ways to find all these? Perhaps reference all our packages and resolve for desktop? |
Package reports will show all this data. They'll list binaries as well as projects and the configuration they were built with. |
From offline discussion: What is most interesting to me (now) is list of OOB packages which also ship as part of the platform (e.g. Networking OOB). |
@karelz as I mentioned, package reports have all this data. Most of our packages ship some dll on some version of desktop. Many replace the inbox facades, only a couple replace inbox implementations. System.Net.Http and System.IO.Compression are the only two in the latter camp. Please have a look at the package reports (just look for reports folder under the bin//packages folder after your build). There is a lot of data here so you should be able to get any sort of info you want out of it by processing in the right way. |
Thanks @ericstj!
|
If there is a dll listed under the desktop section then it ships an implementation that will run on desktop. You can also see what project built this dll:
Contrast this to an early version of desktop where this library was inbox:
|
They don't have any function in Core. Stripped via regex: ^.*\[(System\.Security\.)?Security(Safe)?Critical(Attribute)?\](\s*//.*|\s*)$[\r\n]*
They don't have any function in Core. Stripped via regex: ^.*\[(System\.Security\.)?Security(Safe)?Critical(Attribute)?\](\s*//.*|\s*)$[\r\n]* Commit migrated from dotnet/corefx@1abd60c
They don't have any function in Core.
Stripped via regex:
related to dotnet/coreclr#8571