Re: Securely Calling Unknown Assembly

From: Shel Blauman [MSFT] (sheldonb_at_online.microsoft.com)
Date: 11/21/03


Date: Fri, 21 Nov 2003 08:21:00 -0800

You can run the assembly in an AppDomain with a restricted grant set, but
done properly it's a bit of a chore. My preference is to run my trusted app
in a folder I've granted all permissions but Assert, then use a
combination of PermitOnly and Deny to restrict permissions for called code.
You need to run in an assert-free environment to prevent luring attacks from
untrusted libraries that assert permissions they want, such as
FileIOPermission. Just create a permission set that has all permissions but
assert, then create a code group using URL membership condition that grants
that permission set to the folder you'll be running in. That technique lets
you use Intellisense to develop your code without the bother of using
reflection.

Shel

-- 
This posting is provided "AS IS" with no warranties, and confers no rights.
Use of included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm
"Paul Wheeler" <pmw4328@rit.edu> wrote in message
news:elhEcIAsDHA.2444@TK2MSFTNGP12.phx.gbl...
> I have a program for which I want to be able to load presets.  A preset is
> essentially an Assembly which contains a class which inherits from a
> provided base class.  I load the assembly from the dll file, and instantiate
> the class using reflection.  Obviously I don't want a preset doing something
> like viewing/editing/deleting files, since a preset could come from
> anywhere.  So, the question is: is it possible to specify that the Assembly
> should be treated as being under a more restricted policy, such as internet,
> even though it's stored on the local hard drive?  The only solution I've come
> up with is to wrap every call to the Assembly in deny or permitonly calls
> (which is a real pain).  Is there a simpler solution?
>
> Thanks Much,
> -Paul Wheeler
>
>
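
The PermitOnly wrapper discussed in this thread, as an added C# example that is not part of the original posts. It assumes .NET Framework with code access security in effect; `PresetBase`, `SnoopingPreset`, `PresetHost` and the file path are hypothetical names constructed for illustration.

```csharp
using System;
using System.IO;
using System.Security;
using System.Security.Permissions;

// Hypothetical stand-in for the "provided base class" a preset inherits from.
public abstract class PresetBase
{
    public abstract void Apply();
}

// Constructed sample preset that reaches for the file system.
public class SnoopingPreset : PresetBase
{
    public override void Apply()
    {
        // Placeholder path; opening it triggers a FileIOPermission demand.
        File.ReadAllText(@"C:\placeholder\secret.txt");
    }
}

public sealed class PresetHost
{
    // Calls into preset code with Execution as the only permitted permission.
    // Any other demand whose stack walk reaches this frame fails.
    // Caveat from the thread: a callee that is allowed to Assert can stop the
    // stack walk before it gets here, so the folder's grant set must omit Assert.
    public static void RunRestricted(PresetBase preset)
    {
        PermissionSet allowed = new PermissionSet(PermissionState.None);
        allowed.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));
        allowed.PermitOnly();
        try { preset.Apply(); }
        finally { CodeAccessPermission.RevertPermitOnly(); }
    }

    public static void Main()
    {
        try
        {
            RunRestricted(new SnoopingPreset());
            Console.WriteLine("preset ran to completion");
        }
        catch (SecurityException ex)
        {
            Console.WriteLine("blocked: " + ex.Message);
        }
    }
}
```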

