Ayende @ Rahien


Debugging Security Exceptions

One of the horrible things about SecurityException is just how little information you are given.

For example, let us take a look at:

image

Yes, that is informative. The real problem is that most security analysis is done at the method level, which means that _something_ in this method caused this problem. That means that in order to debug this, I have to change my code to look like this:

image

Which gives me this:

image

Just to point out, First, Second, etc. are purely artificial method names, meant only to give me some idea of where the problem areas are.

Then we need to go into the code in the First method and figure out what the problem is there, and so on, and so forth.

Annoying, and I wish that I knew of a better way.
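A reusable form of the split-into-stages approach described above, as an added example that is not the code from the post's screenshots. It assumes .NET Framework; `SecurityProbe`, `FindFailingStage`, `Read` and the stage bodies are hypothetical names, and `Second` throws a constructed SecurityException in place of the real offending statement.

```csharp
using System;
using System.Runtime.CompilerServices;
using System.Security;

static class SecurityProbe
{
    // Runs each stage in order and reports the first one that raises a
    // SecurityException, whether at JIT time or while executing.
    public static string FindFailingStage(params Action[] stages)
    {
        foreach (Action stage in stages)
        {
            try { stage(); }
            catch (SecurityException e)
            {
                return stage.Method.Name + " failed: " + e.Message
                    + "\n  Action: " + e.Action
                    + "\n  PermissionType: " + e.PermissionType
                    + "\n  Demanded: " + Read(() => e.Demanded)
                    + "\n  FirstPermissionThatFailed: " + Read(() => e.FirstPermissionThatFailed);
            }
        }
        return null; // no stage failed
    }

    // Several SecurityException properties demand ControlEvidence/ControlPolicy,
    // so reading them under partial trust can itself throw.
    static object Read(Func<object> getter)
    {
        try { return getter() ?? "(null)"; }
        catch (SecurityException) { return "(not readable at this trust level)"; }
    }
}

static class Program
{
    // NoInlining keeps each stage a separate method, so it is JIT-compiled
    // (and security-checked) on its own and can be reported by name.
    [MethodImpl(MethodImplOptions.NoInlining)] static void First() { }
    // Constructed failure standing in for the statement that trips the check.
    [MethodImpl(MethodImplOptions.NoInlining)]
    static void Second() { throw new SecurityException("constructed failure"); }
    [MethodImpl(MethodImplOptions.NoInlining)] static void Third() { }

    static void Main()
    {
        Console.WriteLine(SecurityProbe.FindFailingStage(First, Second, Third) ?? "all stages passed");
    }
}
```

Once a stage is identified, the same split can be repeated inside it to narrow the search further.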


Posted By: Ayende Rahien


Comments

08/29/2011 12:35 PM by Steve Py

Doesn't the stack trace give you the detail you need to find the offending statement by line #?

The culprit from the original code was Line 166 inside DocumentDatabase.cs. After your changes to track it down, the line was 185.

Or was the point that Line 166 was merely pointing at the constructor declaration, not the line that triggered the security exception?

08/29/2011 12:44 PM by tobi

Side note: never ever put anything that could remotely fail in a static constructor. Failing a static constructor causes the entire application to be effectively permanently unavailable until someone recycles the process. Only pure computations are suited for cctors. Use a static threadsafe lazy for anything else (but not the default one because it stores the exception! what an evil design choice).

08/29/2011 04:01 PM by Damien Guard

Attach to web app, throw on exception?

[)amien

08/29/2011 07:01 PM by Ayende Rahien

Steve, Nope, the line number was actually the function header, not any line in the method itself

08/29/2011 07:02 PM by Ayende Rahien

Tobi, With the exception of things that are actually "if this fails, a restart is required"

08/29/2011 07:03 PM by Ayende Rahien

Damien, Try that :-) It wouldn't get into the method / line that is causing it. It would stop when the JIT processed the method, not when executing it.

08/29/2011 10:35 PM by Keith Bloom

Can you catch the exception and use that to help you find the bug?

SecurityException has several properties which should help you to find out why it was raised. This in turn may point to the code which caused it.

http://msdn.microsoft.com/en-us/library/system.security.securityexception_properties.aspx

08/29/2011 10:43 PM by Ayende Rahien

It doesn't tell me what caused the error (what line of code in the method)

08/30/2011 12:29 AM by Steve Py

Hmm, at least from a debugging scenario, could CodeAccessPermissions.Assert possibly loosen up the restrictions enough to get a stack-trace without compromising the security restriction causing the exception? Really not something I've ever been in this situation.

08/30/2011 12:47 AM by Dirk

Isn't this by design?

As it is a security exception it could be the result of someone probing trying to footprint the code.

Not giving any details might be annoying but it ticks the security box.

08/30/2011 12:54 AM by Ayende Rahien

Dirk, Not giving me details means I can't fix this. It is incredibly hard to figure out what is going on

08/31/2011 07:59 AM by Andre Kraemer

I had a similar problem in a SharePoint project. The SecurityException was thrown because of a missing permission. In order to find the permission I did the following:

I've surrounded the code that caused the error with a try/catch block and caught the security exception. Then I've set a breakpoint in the catch block and had a look at the exception object in the QuickWatch window.

The SecurityException has a private field called m_demanded (among some other interesting fields), which finally told me what the missing permission was.

Maybe this helps in your case, too.
