Re: Stack walk

From: Shawn Farkas [MS] (shawnfa_at_online.microsoft.com)
Date: 05/29/03


Date: Thu, 29 May 2003 10:31:39 -0700


Hi Doman,

1) You are correct ... without a stack walk, then any code that, for
instance, wanted to read a file could, since the System.IO classes wouldn't
know the trust level of their callers. (This assumes the NTFS permissions
are set such that the code had permissions to read the file.)

2) Assert is extremely dangerous. It is useful to get at a privileged
operation that you need to perform your work, and you know that your code
can never be tricked into calling the privileged code by a malicious
assembly. For instance, if you write a graphing control, and you write out
the color of the graph to draw to a text file, you might assert
FileIOPermission to read that text file, so that you can get at your data.
If you were positive that there was no way for anyone using your control to
trick you into reading another file and somehow accessing this data, then
this would be a good use of Assert. When you use Assert, it is generally a
good idea to do a RevertAssert as soon as you don't need to disable the
checking for the permissions you Asserted.

-Shawn

"Doman Maciejko" <doman.is@home.se> wrote in message
news:OMna83bJDHA.1360@TK2MSFTNGP10.phx.gbl...
>I have two questions.
>
> The level of trust to a unique assembly is defined in the permission set.
> The permission set is therefore of high importance. The system then uses
> the
> permisson set when the stack walk matches the level of trust of a certain
> caller to the protected operation which is called.
>
> Now I wonder. Could you say that the stack walk is crucial, without the
> stack walk no security actions could be applied?
> The stack walk can be turned off (assert). Could you say that you to some
> part get unsecure and should be extra carefull?
>
> /Doman
>
>



Relevant Pages

  • Stack walk
    ... The level of trust to a unique assembly is defined in the permission set. ... The permission set is therefore of high importance. ... Could you say that the stack walk is crucial, ...
    (microsoft.public.dotnet.security)
  • Re: Stack walk
    ... Yes, Assert is *extremely* dangerous, and any developer who uses it ... >> The level of trust to a unique assembly is defined in the permission set. ... Could you say that the stack walk is crucial, ... >> stack walk no security actions could be applied? ...
    (microsoft.public.dotnet.security)
  • Re: Loading managed code from unmanaged application residing on a share
    ... > call .Asserton that permission set ... be used with Assert, Deny or PermitOnly stack modifiers, because they ... > In order to stop the stack walk, you can assert the permissions that are ...
    (microsoft.public.dotnet.security)
  • Re: Strong Name - verification using StrongNameIdentityPermission
    ... First I did try doing the assert in the method ... Is there a way to check at runtime if the security is turned off? ... How can I do the stack walk mayself so that security for my library is ... What you need to do is move your demand call into another ...
    (microsoft.public.dotnet.security)
  • Re: Code Acess Security
    ... Assert was intended to allow fully trusted code such as that in a library to ... they can launch a luring attack by asserting any permission they ... You shouldn't be calling libraries you don't trust, ... You can create a sandbox like that by creating a permission set that ...
    (microsoft.public.dotnet.security)