Question

We have a worker role in Azure which uses Process.Start to kick off a background process (which hosts a native application we need to run).

FxCop gives me a whole load of CA2122 errors due to a link demand. When I tried to add this attribute:

[PermissionSet(SecurityAction.LinkDemand, Name = "FullTrust")]

I then started to get CA2135 instead, the solution to which seems to be to add the SecurityCritical attribute instead.

But then I get the CA2122 again.

Are either of these things an issue? Under what circumstances could they be and how can I be sure that I'm not introducing a security problem?


Solution

SecurityCritical should perform an equivalent role as a LinkDemand for full trust:

The SecurityCriticalAttribute is equivalent to a link demand for full trust. A type or member marked with the SecurityCriticalAttribute can be called only by fully trusted code; it does not have to demand specific permissions. It cannot be called by partially trusted code.

Ergo, I'd suggest adding SecurityCritical (to fulfil the needs for CA2135) and suppress the CA2122, which is presumably just Microsoft forgetting to account for their newer solution in their code analysis.

The objective of CA2122 is to ensure that the method...

no longer provides unsecured access to the link demand-protected member.

This isn't the case once SecurityCritical is added (which ensures the member can be called only by fully trusted code), so the second CA2122 is a false positive.
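
One way to apply the attribute and the suppression suggested above, as an added example that is not part of the original answer. The class name, method name and parameters are hypothetical.

```csharp
using System;
using System.Diagnostics;
using System.Diagnostics.CodeAnalysis;
using System.IO;
using System.Security;

// Hypothetical helper; the class, method and parameter names are assumptions.
public static class NativeHostLauncher
{
    // SecurityCritical limits callers to fully trusted code, which takes the
    // place of the LinkDemand for FullTrust that CA2135 objects to.
    [SecurityCritical]
    // Suppress CA2122 on this member only and record the reason.
    // SuppressMessage is emitted only when CODE_ANALYSIS is defined.
    [SuppressMessage("Microsoft.Security",
        "CA2122:DoNotIndirectlyExposeMethodsWithLinkDemands",
        Justification = "Member is SecurityCritical; only fully trusted code can call it.")]
    public static Process Launch(string exePath, string arguments)
    {
        if (string.IsNullOrEmpty(exePath))
            throw new ArgumentException("Path to the native host is required.", "exePath");
        if (!Path.IsPathRooted(exePath) || !File.Exists(exePath))
            throw new FileNotFoundException("Native host not found.", exePath);

        var startInfo = new ProcessStartInfo
        {
            FileName = exePath,
            Arguments = arguments ?? string.Empty,
            UseShellExecute = false, // start the executable directly, not through the shell
            CreateNoWindow = true
        };
        return Process.Start(startInfo);
    }
}
```

Scoping the suppression to the single member keeps CA2122 active for the rest of the assembly.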

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow