Re: Stack walk
From: Michel Gallant (MVP) (neutron_at_istar.ca)
Date: 05/29/03
- In reply to: Shawn Farkas [MS]: "Re: Stack walk"
Date: Thu, 29 May 2003 15:11:21 -0400
Yes, Assert is *extremely* dangerous, and any developer who uses it
should, in the words of Keith Brown in "Security in .NET: Enforce Code Access Rights...":
"get a jury of your peers to review any use of the feature."
It might look like your Assert cannot leverage your code for mal-use, but
it is often tricky seeing what COULD happen.
See also the good advice in Michael Howard's "Writing Secure Code 2nd Edn.":
Ch. 18, p. 545 "Overzealous Use of Assert".
- Mitch
"Shawn Farkas [MS]" <shawnfa@online.microsoft.com> wrote in message
news:OEQuqggJDHA.2208@TK2MSFTNGP11.phx.gbl...
> Hi Doman,
>
> 1) You are correct ... without a stack walk, then any code that, for
> instance, wanted to read a file could, since the System.IO classes wouldn't
> know the trust level of their callers. (This assumes the NTFS permissions
> are set such that the code had permissions to read the file.)
>
> 2) Assert is extremely dangerous. It is useful to get at a privileged
> operation that you need to perform your work, and you know that your code
> can never be tricked into calling the privileged code by a malicious
> assembly. For instance, if you write a graphing control, and you write out
> the color of the graph to draw to a text file, you might assert
> FileIOPermission to read that text file, so that you can get at your data.
> If you were positive that there was no way for anyone using your control to
> trick you into reading another file and somehow accessing this data, then
> this would be a good use of Assert. When you use Assert, it is generally a
> good idea to do a RevertAssert as soon as you don't need to disable the
> checking for the permissions you Asserted.
>
> -Shawn
>
> "Doman Maciejko" <doman.is@home.se> wrote in message
> news:OMna83bJDHA.1360@TK2MSFTNGP10.phx.gbl...
> > I have two questions.
> >
> > The level of trust to a unique assembly is defined in the permission set.
> > The permission set is therefore of high importance. The system then uses
> > the permission set when the stack walk matches the level of trust of a
> > certain caller to the protected operation which is called.
> >
> > Now I wonder. Could you say that the stack walk is crucial, without the
> > stack walk no security actions could be applied?
> > The stack walk can be turned off (assert). Could you say that you to some
> > part get unsecure and should be extra careful?
> >
> > /Doman
> >
> >
>
>
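The graphing-control case from the quoted reply, as an added C# example (not code from any poster in this thread): an Assert whose scope a caller can steer, next to one pinned to a single fixed file and reverted in a `finally` block. The class name, method names and file path are hypothetical, and the code assumes the .NET Framework, where Code Access Security stack walks are enforced.

```csharp
using System.IO;
using System.Security;
using System.Security.Permissions;

// Hypothetical control, used only for illustration.
public sealed class GraphControl
{
    // Constructed sample path. It is fixed in the assembly and never
    // derived from anything a caller supplies.
    private static readonly string ColorFile =
        Path.GetFullPath(@"C:\ProgramData\GraphControl\color.txt");

    // Overzealous Assert: the asserted permission covers whatever path the
    // caller passes in, so the stack walk stops at this frame and a
    // partially trusted caller gets this assembly's file access for free.
    public string ReadSettingUnsafe(string callerPath)
    {
        string full = Path.GetFullPath(callerPath);
        new FileIOPermission(FileIOPermissionAccess.Read, full).Assert();
        try
        {
            return File.ReadAllText(full);
        }
        finally
        {
            CodeAccessPermission.RevertAssert();
        }
    }

    // Narrow Assert: read access to one fixed file only, no caller input
    // reaches the permission or the read, and the Assert is removed as
    // soon as the read completes, even if it throws.
    public string ReadGraphColor()
    {
        new FileIOPermission(FileIOPermissionAccess.Read, ColorFile).Assert();
        try
        {
            return File.ReadAllText(ColorFile).Trim();
        }
        finally
        {
            CodeAccessPermission.RevertAssert();
        }
    }
}
```

The assembly needs `SecurityPermissionFlag.Assertion` for either call to `Assert()` to succeed; the review question for any such method is whether caller-controlled data can reach the asserted permission or the privileged call.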