David Notario has started up a blog ... he's one of the x86 JIT devs, and (since his office is right next door), is always the guy I go to when I need an issue about how the x86 JIT or the x86 JIT verifier works. His first post covers the phases of JIT...

Taking a break from sandboxing in an AppDomain for a minute, lets take a look at another aspect of policy. One situation that comes up very frequently when trying to execute code in a limited-trust sandbox is that there are some assemblies that you do...

Oftentimes in an application, it's necessary to run untrusted code. The CLR lets you do this safely by placing the code in its own AppDomain and sandboxing the AppDomain to have a limited set of permissions. Usually setting up the AppDomain with the Internet...

There are several named permission sets defined by default in the CLR security policy: FullTrust SkipVerification Execution Nothing LocalIntranet Internet Everything These sets are used to create the default policy, however there's nothing stopping any...

On Monday I wrote about how to recover CasPol to a usable state , if you've modified the security policy to disallow CasPol permission to run. My instructions included deleting %WINDIR%\Microsoft.Net\Framework\v x.y.zzzz \config\Security.config and Security...

The November 2004 issue of MSDN magazine is available online now, and it includes the first article I've ever had published. I co-authored this month's Trustworthy Code article, Exchange Data More Securely with XML Digital Signatures and Encryption with...

CasPol is written in managed code, and as such is subject to the CLR's security policy system just like any other piece of managed code. Generally this is not a problem for it, since it is granted FullTrust by two separate code groups in the default policy...

Brian Grunnkmeyer recently posted a good piece on how FileIOPermission deals with file and path canonicalization. Brian wrote a large chunk of the base class library , and contributed to the SLAR . Its a good read if you want to know how FileIOPermission...

I received a question recently about my post on Checking for a Valid Strong Name Signature . The person who was using the code I presented there to run some tests under NUnit . The format of the tests was to use the Microsoft.Win32.Registry classes to...

On my home machine, and one of my office machines I log in as a normal user , and only elevate to an account with admin status when installing software, or doing other maintenance. Needless to say, doing that creates problems with various programs that...

Mike Stall is one of the devs on our base services team, and his focus is on managed debugging. I played football with Mike 4 flag football seasons back, but generally don't need to work directly with him since the debugger and security don't have very...

(updated 12/3/04, pointed to the newly refactored source ) It's been nearly two months since the last update to my managed sn.exe port , so its long-past overdue for some new features. This update implements the various key container features that are...