Re: Is it secure to not refuse permissions in a non-referenced assembly?

From: Shel Blauman [MSFT] (sheldonb_at_online.microsoft.com)
Date: 09/11/03

  • Next message: Eugene V. Bobukh [MS]: "Re: Is it secure to not refuse permissions in a non-referenced assembly?"
    Date: Thu, 11 Sep 2003 12:56:31 -0700
    
    

    You could do a PermitOnly on the permissions your assembly uses. That
    implicitly denies the permissions it does not require.

    Shel

    -- 
    This posting is provided "AS IS" with no warranties, and confers no rights.
    Use of included script samples are subject to the terms specified at
    http://www.microsoft.com/info/cpyright.htm
    "Keith Patrick" <richard_keith_patrick@hotmail.com> wrote in message
    news:%234Kz0rJeDHA.3024@tk2msftngp13.phx.gbl...
    > If I want to refuse all unnecessary permissions, should I add references to
    > those permissions that aren't even referenced in my project?  I know the
    > idea is to be able to permview an assembly and know that it can't, for
    > instance, query a database, but if I do not reference the assembly that
    > would allow that, I would think that I can prove that my app doesn't query a
    > DB just by looking at its referenced assemblies.  On the other hand, I
    > realize that I could conceivably load the assembly dynamically and invoke a
    > method call that way.  But if that is true, then I would have to add
    > references to several assemblies I don't use just to refuse all 19 built-in
    > permissions.
    >
    >
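
The PermitOnly approach suggested in the reply, as an added example that is not part of the original thread. It assumes the .NET Framework (where code access security is enforced); `PermitOnlyDemo`, `ReadSettings` and the temp file are hypothetical names and constructed sample data.

```csharp
using System;
using System.IO;
using System.Security;
using System.Security.Permissions;

class PermitOnlyDemo
{
    // Hypothetical helper: while it runs, only read access to 'path' is permitted.
    static string ReadSettings(string path, out bool otherDemandBlocked)
    {
        PermissionSet needed = new PermissionSet(PermissionState.None);
        needed.AddPermission(new FileIOPermission(FileIOPermissionAccess.Read, path));

        // Stack-walk modifier: a demand that reaches this frame fails
        // unless the demanded permission is covered by 'needed'.
        needed.PermitOnly();
        try
        {
            string text = File.ReadAllText(path);            // covered by 'needed'
            try
            {
                Environment.GetEnvironmentVariable("PATH");  // demands EnvironmentPermission
                otherDemandBlocked = false;
            }
            catch (SecurityException)
            {
                otherDemandBlocked = true;                   // implicitly denied
            }
            return text;
        }
        finally
        {
            CodeAccessPermission.RevertPermitOnly();         // lift the restriction for this frame
        }
    }

    static void Main()
    {
        string path = Path.GetTempFileName();                // constructed sample input
        File.WriteAllText(path, "constructed sample content");

        bool blocked;
        string text = ReadSettings(path, out blocked);
        Console.WriteLine("file read: " + text);
        Console.WriteLine("environment read blocked: " + blocked);
        File.Delete(path);
    }
}
```

PermitOnly restricts only the stack frame that calls it (and what that frame calls) at run time, so it does not appear among the assembly's declared permission requests.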
    
