Re: Strong Name - verification using StrongNameIdentityPermission

From: Ram (pyasa_at_hotmail.com)
Date: 06/27/03

    Date: Thu, 26 Jun 2003 18:14:31 -0700
    
    

    Hi Eugene
    Thanks for pointing that out. That does pose a small security risk that I
    will have to handle.

    A little note about the code sample that I had posted last time around - it
    uses the Security exception to build the stack. It appears as though this
    stack contains only those frames that occur between the current frame and the
    actual frame where the exception is raised. It doesn't include the frames
    below the current frame (I checked this with a console application). Hence
    the code doesn't seem to work as expected. So the exception handler should
    look like:
        bRet = VerifyStack(NULL);

    instead of

        StackTrace* theStack = new StackTrace(exp);
        bRet = VerifyStack(theStack);
    thanks
    Ram

    "Eugene V. Bobukh [MS]" <eugenebo@online.microsoft.com> wrote in message
    news:%237yGZdAPDHA.2228@tk2msftngp13.phx.gbl...
    > Just came to my mind. There is one thing you should be aware of, it's called
    > Skip Verification List and contains a list of assemblies and public key
    > tokens that are not StrongName verified upon loading. If this list contains
    > entries that match Microsoft assemblies, a hacker can create a spoofed
    > assembly that would "possess" MS public key & token and would be able to run.
    > Thus, before running your code, you need to check this list. It could be
    > done via "sn.exe -Vl" command, or by looking at the registry key
    > "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\StrongName\Verification".
    >
    > Normally, however, this list is empty, and to add something to it you need
    > to be an Admin on the machine, so the danger is very small actually.
    >
    > --
    >
    > Eugene V. Bobukh
    >
    > This message is provided "AS IS" with no warranties, and confers no rights.
    > Any opinions or policies stated within it are my own and do not necessarily
    > constitute those of my employer.
    >
    > ----
    >
    > "Eugene V. Bobukh [MS]" <eugenebo@online.microsoft.com> wrote in message
    > news:OZ6C6U7ODHA.2244@TK2MSFTNGP11.phx.gbl...
    > > Ram,
    > >
    > > To me it looks like a very nice solution, very close to what I was thinking
    > > [actually, I was looking into StackTrace class, too, but apparently missed
    > > some of its cool capabilities :)]. I think you can go with it.
    > >
    > >
    > > --
    > >
    > > Eugene V. Bobukh
    > >
    > > This message is provided "AS IS" with no warranties, and confers no rights.
    > > Any opinions or policies stated within it are my own and do not necessarily
    > > constitute those of my employer.
    > >
    > > ----
    > >
    > >
    > > "Ram" <pyasa@hotmail.com> wrote in message
    > > news:%23Ut5TN4ODHA.1552@TK2MSFTNGP10.phx.gbl...
    > > > Eugene
    > > > thanks for replying.
    > > >
    > > > I found a solution that seems to work, though I haven't tested it thoroughly.
    > > > The sample code below includes code for checking permissions even if the
    > > > Security is disabled by the admin.
    > > >
    > > > bool SecureData::ValidateCaller()
    > > > {
    > > >     bool bRet = false;
    > > >     if( !SecurityManager::SecurityEnabled)
    > > >     {
    > > >         //Do the full stack walk
    > > >         bRet = VerifyStack(NULL);
    > > >     }
    > > >     else
    > > >     {
    > > >         StrongNameIdentityPermission* thePerms =
    > > >             new StrongNameIdentityPermission(PublicKey, NULL, NULL);
    > > >         try
    > > >         {
    > > >             thePerms->Demand();
    > > >             bRet = true;
    > > >         }
    > > >         catch( SecurityException* exp)
    > > >         {
    > > >             //Do it the hard way - partial stack walk
    > > >             StackTrace* theStack = new StackTrace(exp);
    > > >             bRet = VerifyStack(theStack);
    > > >         }
    > > >     }
    > > >     return bRet;
    > > > }
    > > >
    > > > bool SecureData::VerifyStack(StackTrace* theStack)
    > > > {
    > > >     bool bRet = false;
    > > >     try
    > > >     {
    > > >         Byte __pin * pinnedKey1 = NULL;
    > > >         Byte __pin * pinnedKey2 = NULL;
    > > >         if( theStack == NULL)
    > > >         {
    > > >             //No stack supplied - capture the current one
    > > >             theStack = new StackTrace(false);
    > > >         }
    > > >         //Every frame must come from our assembly or an MS assembly
    > > >         for( int i = 0; i < theStack->FrameCount; i++)
    > > >         {
    > > >             StackFrame* curFrame = theStack->GetFrame(i);
    > > >             Assembly* theAsm = curFrame->GetMethod()->DeclaringType->Assembly;
    > > >             Byte curKey[] = theAsm->GetName()->GetPublicKeyToken();
    > > >             pinnedKey1 = &curKey[0];
    > > >             pinnedKey2 = &myPubKeyToken[0];
    > > >             //Public key tokens are 8 bytes long
    > > >             bRet = (memcmp( pinnedKey1, pinnedKey2, 8) == 0);
    > > >             if( !bRet)
    > > >             {
    > > >                 //check if its MS library
    > > >                 pinnedKey2 = &msPubKeyToken[0];
    > > >                 bRet = (memcmp( pinnedKey1, pinnedKey2, 8) == 0);
    > > >             }
    > > >             if( !bRet)
    > > >             {
    > > >                 throw new Exception( "Failed");
    > > >             }
    > > >         }
    > > >     }
    > > >     catch( Exception* exp)
    > > >     {
    > > >         //Any failure, including a token mismatch, rejects the caller
    > > >         bRet = false;
    > > >     }
    > > >     return bRet;
    > > > }
    > > >
    > > >
    > > > Are there any problems in this implementation that I'm not aware of?
    > > > thanks
    > > > Ram
    > > > "Eugene V. Bobukh [MS]" <eugenebo@online.microsoft.com> wrote in message
    > > > news:ukYacN2ODHA.1072@TK2MSFTNGP10.phx.gbl...
    > > > > Ram,
    > > > >
    > > > > Unfortunately, it's not so easy to do in 1.1. Initially, I was thinking
    > > > > about using the information stored in SecurityException, but in 1.1 it does
    > > > > not provide everything that is needed to uniquely identify the caller. Other
    > > > > classes like StackTrace are not sufficient either. Sorry for the misleading
    > > > > answer, initially I thought it would be easier.
    > > > >
    > > > > Apparently, the only way to get the calling assembly information is to call
    > > > > some internal APIs that are used in the Security engine. I'll do some research
    > > > > to see if it's possible, but even if so, this solution is far from nice.
    > > > >
    > > > > Meanwhile, is there any way to reach your goals without doing a full Demand
    > > > > for StrongNameIdentityPermission?
    > > > >
    > > > > --
    > > > >
    > > > > Eugene V. Bobukh
    > > > >
    > > > > This message is provided "AS IS" with no warranties, and confers no rights.
    > > > > Any opinions or policies stated within it are my own and do not necessarily
    > > > > constitute those of my employer.
    > > > >
    > > > > ----
    > > >
    > > >
    > >
    > >
    >
    >
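
The Skip Verification List check that Eugene describes, as an added C# example (not code from the thread): it enumerates the `Verification` registry key in both registry views and returns the entries that would exempt a given assembly and public key token from strong-name verification. It assumes the `assembly,token` subkey naming that `sn.exe` writes, with `*` as a wildcard; `SkipVerificationAudit`, `TrustedLib` and the token value are constructed placeholders.

```csharp
using System;
using System.Collections.Generic;
using Microsoft.Win32;

static class SkipVerificationAudit
{
    // Registry key named in the thread (relative to HKEY_LOCAL_MACHINE).
    const string KeyPath = @"SOFTWARE\Microsoft\StrongName\Verification";

    // Assumed entry format: "<assembly>,<publicKeyToken>", where "*" matches anything.
    public static bool EntryCovers(string entry, string assemblyName, string tokenHex)
    {
        string[] parts = entry.Split(',');
        if (parts.Length != 2) return true; // unrecognised entry: report it, fail closed
        string name = parts[0].Trim(), token = parts[1].Trim();
        bool nameHit = name == "*" ||
            string.Equals(name, assemblyName, StringComparison.OrdinalIgnoreCase);
        bool tokenHit = token == "*" ||
            string.Equals(token, tokenHex, StringComparison.OrdinalIgnoreCase);
        return nameHit && tokenHit;
    }

    // Returns every skip-verification entry that exempts the given assembly/token.
    public static List<string> FindSkipEntries(string assemblyName, string tokenHex)
    {
        var hits = new List<string>();
        // 32-bit and 64-bit processes read different views of HKLM\SOFTWARE.
        foreach (RegistryView view in new[] { RegistryView.Registry64, RegistryView.Registry32 })
        {
            using (RegistryKey hklm = RegistryKey.OpenBaseKey(RegistryHive.LocalMachine, view))
            using (RegistryKey key = hklm.OpenSubKey(KeyPath))
            {
                if (key == null) continue; // key absent in this view: list is empty
                foreach (string entry in key.GetSubKeyNames())
                    if (EntryCovers(entry, assemblyName, tokenHex))
                        hits.Add(view + ": " + entry);
            }
        }
        return hits;
    }

    static int Main()
    {
        // Constructed placeholders: use the simple name and token your code trusts.
        List<string> hits = FindSkipEntries("TrustedLib", "0123456789abcdef");
        foreach (string hit in hits)
            Console.WriteLine("Strong-name verification skipped by entry " + hit);
        return hits.Count == 0 ? 0 : 1; // non-zero exit: refuse to trust token checks
    }
}
```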

