Re: sn.exe -Vr assembly

From: Nicole Calinoiu (calinoiu)
Date: 01/20/05

Next message: Gecko: "Re: sn.exe -Vr assembly"

Previous message: Gecko: "Re: CSP and Strong Name Key"
In reply to: Gecko: "sn.exe -Vr assembly"
Next in thread: Gecko: "Re: sn.exe -Vr assembly"
Reply: Gecko: "Re: sn.exe -Vr assembly"
Reply: Shawn Farkas [MS]: "Re: sn.exe -Vr assembly"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Thu, 20 Jan 2005 15:09:07 -0500

"Gecko" <nada@nada.com> wrote in message
news:%23ZYPKLy$EHA.2804@TK2MSFTNGP15.phx.gbl...
> Is it possible for a hacker to run the strong name utility on a client
> computer with the -Vr parameter to skip verification of *signed*
> assemblies installed in the client computer rendering my whole strong name
> security scenario useless?

Yup. CAS can also be disabled entirely, which is an even easier way to
disable strong name identity verifications. What exactly is the goal of
your "strong name security scenario"? If you provide some more details,
perhaps someone could suggest an alternate approach.

> Since most people are usually logged as Administrators, if I was a
> disgruntled ex-employee and wanted to do some damage to my ex-employer, it
> seems to me like if I could run the sn.exe utility on the client computer
> to skip verification of the assemblies that I know my employer distributes
> and replace them with my own and I could easily cause some good damage in
> the name of my ex-employer.

If you dig deeper than the MSDN documentation (which, I agree, you shouldn't
have to <g>), you'll find that Microsoft folks don't much seem to care about
scenarios where administrators aren't considered trustworthy. That said, in
a single-authorization system, there's no way to completely protect against
a malicious admin. However, one might argue that this particular form of
meddling should be a great deal more difficult than it presently is.

> I am still too new to this strong naming thing so forgive me if the
> question is a silly one, thanks.
>
>

Next message: Gecko: "Re: sn.exe -Vr assembly"

Previous message: Gecko: "Re: CSP and Strong Name Key"
In reply to: Gecko: "sn.exe -Vr assembly"
Next in thread: Gecko: "Re: sn.exe -Vr assembly"
Reply: Gecko: "Re: sn.exe -Vr assembly"
Reply: Shawn Farkas [MS]: "Re: sn.exe -Vr assembly"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

RE: Remote Desktop Access
... client computer. ... Microsoft CSS Online Newsgroup Support ... This newsgroup only focuses on SBS technical issues. ... |> client computer, they are Server OS or XP client? ...
(microsoft.public.windows.server.sbs)
RE: Client setup wizard not working
... You have client computer that have different languages with SBS server. ... Microsoft CSS Online Newsgroup Support ...
(microsoft.public.windows.server.sbs)
Re: SBS 2003 Rebuild: How to migrate domain, clients and user prof
... If you can log on to the workstation with cached login then you can ... >the client computer. ... >> Thank you for posting to the SBS Newsgroup. ... Make sure the client computer object for this client is ...
(microsoft.public.windows.server.sbs)
RE: SBS 2003 Rebuild: How to migrate domain, clients and user profiles
... Thank you for posting to the SBS Newsgroup. ... Though the new SBS server name and the Domain ... I suggest that we can perform following steps on one problematic client ... Run "Setup Client Computers" wizard to create a new client computer ...
(microsoft.public.windows.server.sbs)
Re: Clients cant remote desktop
... client computer from SBS and you can RDP to SBS from client computer after ... Accessories and Communications and Remote Desktop Connection from the ...
(microsoft.public.windows.server.sbs)