New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Do not use Process.GetCurrentProcess() to get calling executable [DNET293] #304
Comments
Modified by: Valeriy K. (darkside)priority: Blocker [ 1 ] => Critical [ 2 ] |
Modified by: Valeriy K. (darkside)description: In FbConnectionInternal.cs at line 548 DO NOT use "Process.GetCurrentProcess().MainModule.FileName" to determine calling executable. Instead of this please use "Assembly.GetEntryAssembly().Location" because call to Process.GetCurrentProcess() demands application to increase they privileges to "Debug privileges" (that we don't need at all). By calling "Assembly.GetEntryAssembly().Location" we will get the same process string as call to "Process.GetCurrentProcess().MainModule.FileName" but without requesting debug privileges. => In FbConnectionInternal.cs at line 548 DO NOT use "Process.GetCurrentProcess().MainModule.FileName" to determine calling executable. Instead of this please use "Assembly.GetEntryAssembly().Location" because call to Process.GetCurrentProcess() demands application to increase it privileges to "Debug privileges" (that we don't need at all). By calling "Assembly.GetEntryAssembly().Location" we will get the same process string as call to "Process.GetCurrentProcess().MainModule.FileName" but without requesting debug privileges. |
Commented by: @cincuranet That's only partially true. The GetEntryAssembly method doesn't work for unmanaged code, hence if you load the assembly from i.e. VS, you'll be able to send the path to process. |
Commented by: Valeriy K. (darkside) Hm... I thought that .NET Firebird Client library is designed to use with managed code only. Anyway, it possible to do a workaround: String execProc = Assembly.GetEntryAssembly() == null ? Process.GetCurrentProcess().MainModule.FileName : Assembly.GetEntryAssembly().Location; What do you say? |
Commented by: @cincuranet Yes, this looks good enough. |
Modified by: @cincuranetstatus: Open [ 1 ] => Resolved [ 5 ] resolution: Fixed [ 1 ] Fix Version: 2.5.3 [ 10380 ] |
Submitted by: Valeriy K. (darkside)
In FbConnectionInternal.cs at line 548 DO NOT use "Process.GetCurrentProcess().MainModule.FileName" to determine calling executable. Instead of this please use "Assembly.GetEntryAssembly().Location" because call to Process.GetCurrentProcess() demands application to increase it privileges to "Debug privileges" (that we don't need at all).
By calling "Assembly.GetEntryAssembly().Location" we will get the same process string as call to "Process.GetCurrentProcess().MainModule.FileName" but without requesting debug privileges.
Commits: d3bdf16
The text was updated successfully, but these errors were encountered: