That is what I was thinking.

However, we probably should be demanding read access for the
EnvironmentPermission for cases where Castle assemblies are installed in the
GAC and APTCA is used.

On Mon, Mar 2, 2009 at 9:33 PM, James Curran <[email protected]> wrote:

>
> I don't believe so.  To exploit this, one would have to be able to
> change a environment variable, change something which uses a URI (like
> a view), or convince a user to run a hostile castle-based exe on their
> system.  In all three cases, the system is already compromised.
>
> --
> Truth,
>     James
>
> On Mon, Mar 2, 2009 at 1:15 AM, hammett <[email protected]> wrote:
> >
> > Isnt there security implications on this one?
> >
> > On Sun, Mar 1, 2009 at 2:57 AM,  <[email protected]> wrote:
> >>  - Applied Eric Hauser's patch fixing CORE-ISSUE-22
> >>   "Support for environment variables in resource URI"
>
> >
>


-- 
Jono

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups 
"Castle Project Development List" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to 
[email protected]
For more options, visit this group at 
http://groups.google.com/group/castle-project-devel?hl=en
-~----------~----~----~----~------~----~------~--~---

Reply via email to