Submitting forms on the support site are temporary unavailable for schedule maintenance. If you need immediate assistance please contact technical support. We apologize for the inconvenience.
DBSS CLR Security alarms fire for user defined assemblies
설명
Redundant CLR security alarms fire for system CLR assemblies
원인
The collection retrieves data system and user defined assemblies.
해결 방안
WORKAROUND None
STATUS Defect ID FOG-7316 has been logged to filter the collection to only retrieve user defined CLR assemblies. This is planned for a future release of the SQL Server cartridge.
결함 ID
FOG-7316
추가 정보
According to Microsoft, this might explain why it is is firing for SQL Server, "CLR uses Code Access Security (CAS) in the .NET Framework is no longer supported as a security boundary.
A CLR assembly created with PERMISSION_SET = SAFE may be able to access external system resources, call unmanaged code, and acquire sysadmin privileges.
Beginning with SQL Server 2017 (14.x), an sp_configure option called CLR strict security is introduced to enhance the security of CLR assemblies. CLR strict security is enabled by default, and treats SAFE and EXTERNAL_ACCESS assemblies as if they were marked UNSAFE. The CLR strict security option can be disabled for backward compatibility, but this is not recommended"