Browse by Tags

Tagged Content List
  • Blog Post: CLR v4 Security Policy Roundup

    Over the last few weeks we’ve been taking a look at the updates to the CLR security policy system in the v4 release of the .NET Framework. Here’s a quick index of those topics: Overview Security Policy in the v4 CLR Sandboxing in .NET 4.0 Updating code to work with the new model ...
  • Blog Post: Temporarily re-enabling CAS policy during migration

    Over the last few weeks we’ve been looking at the changes to security policy in .NET 4, namely that security policy is now in the hands of the host and the operating system. While we’ve looked at how to update code that implicitly uses CAS policy , loads assemblies from remote sources , and explicitly...
  • Blog Post: Coding with Security Policy in .NET 4 part 2 – Explicit uses of CAS policy

    Over the last few posts, I’ve been looking at how the update to the CLR v4 security policy interacts with how you write managed code against the v4 .NET Framework.  So far we’ve looked at the implicit uses of CAS policy, such as loading assemblies and creating AppDomains with Evidence and loading...
  • Blog Post: More Implicit Uses of CAS Policy: loadFromRemoteSources

    In my last post about changes to the CLR v4 security policy model, I looked at APIs which implicitly use CAS policy in their operation (such as Assembly.Load overloads that take an Evidence parameter), and how to migrate code that was using those APIs.   There are another set of assembly loads...
  • Blog Post: CLR 4 Security on Channel 9

    A while back I did an interview with Charles Torre   about the changes to security in CLR v4, and he posted it to the Channel 9 videos site yesterday. I start out talking about the security policy changes I've been covering here over the last week, and then transition into an overview of some of...
  • Blog Post: Coding with Security Policy in .NET 4.0 – Implicit uses of CAS policy

    Last week we looked at sandboxing and the v4 CLR – with the key change being that the CLR now defers exclusively to the host application when setting up sandboxed domains by moving away from the old CAS policy model, and moving instead to simple sandboxed AppDomains. This leads to an interesting situation...
  • Blog Post: Sandboxing in .NET 4.0

    Yesterday I talked about the changes in security policy for managed applications , namely that managed applications will run with full trust - the same as native applications - when you execute them directly. That change doesn’t mean that managed code can no longer be sandboxed however - far from...
  • Blog Post: Security Policy in the v4 CLR

    One of the first changes that you might see to security in the v4 CLR is that we’ve overhauled the security policy system.  In previous releases of the .NET Framework, CAS policy applied to all assemblies loaded into an application (except for in simple sandbox domains ). That lead to a lot of interesting...
  • Blog Post: Strong Name Bypass

    Many managed applications start up slower than they really need to because of time spent verifying their strong name signatures. For most of these applications, the strong name verification isn't buying the application anything - especially fully trusted desktop applications that are using C# as a better...
  • Blog Post: FullTrust on the LocalIntranet

    We released the first beta of .NET 3.5 SP 1 this morning, and it includes a change to the default grant set for applications launched from the LocalIntranet zone. The quick summary is that as of .NET 3.5 SP1, applications run from a network share will receive a grant set of FullTrust by default, making...
  • Blog Post: Manifested Controls Redux

    Last year, I made a series of posts about a new feature available in the betas of .NET 3.5 which enabled you to specify declaratively the set of permissions that IE hosted managed controls should run with. Since the betas there have been a couple of tweaks to the manifest control model, so those posts...
  • Blog Post: Avoiding Assembly Level Declarative Security

    I've written in the past about the three assembly level declarative security actions : RequestMinimum, RequestOptional, and RequestRefuse. Although the CLR has supported these since v1.0, I tend to stay away from using them as much as I possibly can, and also recommend that others avoid them as well...
  • Blog Post: Bypassing the Authenticode Signature Check on Startup

    A while back I wrote about the performance penalty of loading an assembly with an Authenticode signature . The CLR will attempt to verify the signature at load time to generate Publisher evidence for the assembly. However, by default most applications don't need Publisher evidence. Standard CAS policy...
  • Blog Post: Loading an Assembly as a Byte Array

    One of the various ways that you can load an assembly is by supplying the raw bytes of an assembly as a byte array. The security identity of an assembly loaded this way turns out to be different than if you were to load the same assembly by name or by file. In the case that you load an assembly with...
  • Blog Post: Using the MMC Snap-In to Configure 64 Bit CAS Policy

    The .NET Framework SDK ships with a MMC Snap-In which enables you to, among other things, avoid using caspol to modify your local security policy. Since each runtime installed on your machine has independent security policy , the MMC Snap-In will only modify policy for the version of the CLR it is running...
  • Blog Post: Specifying Permissions for IE Controls in Orcas

    One of my most read blog posts (and one of the reasons I created this blog in the first place -- to answer what was one of the most asked questions on the old .NET Security newsgroup), is my post about granting managed controls hosted in IE extra permissions . If you need to have a managed control run...
  • Blog Post: Enumerating Evidence

    The Evidence class supports being enumerated in three different ways: GetAssemblyEnumerator GetHostEnumerator GetEnumerator The first two are pretty self explanatory, enumerating over the evidence that the assembly supplied itself , or over the evidence supplied by the CLR and it's hosting application...
  • Blog Post: Assembly Provided Evidence

    We all know that the CLR provides many types of evidence to assemblies and AppDomains by default, but one feature of the runtime that's much less known is that assemblies can actually provide evidence of their own. This seems to be one of the best kept secrets in CLR security, the only mention of it...
  • Blog Post: Evidence Must Be Serializable

    The Evidence object acts as a collection for any sort of object that you want to add as evidence for an assembly or AppDomain. (It can get confusing because there is both an Evidence class and objects used as evidence. I'll capitalize the first one to disambiguate between them). Both the AddHost and...
  • Blog Post: new NamedPermissionSet

    Every once in a while I find some code doing something similar to this: new NamedPermissionSet ( "LocalIntranet" ).Assert(); // ... call some API that requires Intranet permissions here CodeAccessPermission .RevertAssert(); At best this code is confusing to people reading it, and at worse...
  • Blog Post: Relative URL Membership Conditions

    Caspol will allow you to setup a URL membership condition with a relative URL by using a command such as: caspol -ag 1. -url Foo.dll Internet -exclusive on This command probably doesn't do exactly what you would expect though. Namely, it does not resolve the location of foo.dll when you run...
  • Blog Post: What Evidence does Internet Explorer Give an Assembly

    One of the reasons I started this blog was to have a permanent record of a question I used to see on the old microsoft.public.dotnet.security newsgroup about providing extra trust for an Internet Explorer hosted assembly . In that post I mentioned that IE doesn't have the strong name or Authenticode...
  • Blog Post: Sandboxed Applications Can’t Elevate Their Own Permissions

    Every once in a while someone will ask how they can do something similar to these caspol commands from within their application. Generally, they want their application to be deployed from the Internet or a file share and don’t want users to have to deal with setting up CAS policy properly to get the...
  • Blog Post: Every CLR has Independent CAS Policy

    It’s relatively easy to find a set of instructions for using caspol or Admin UI to provide a CAS elevation for some managed code that’s hitting security exceptions. However, using the directions correctly gets complicated when multiple runtimes are on the machine. The reason is that each CLR has its...
  • Blog Post: SSCLI Zone Mappings

    My previous post is begging the question "so what is the SSCLI's zone mapping policy?" It's actually quite simple, the source for SecurityPolicy::QuickGetZone in clr\src\vm\securitypolicy.cpp shows that SSCLI maps a URL to: NoZone if the URL is NULL MyComputer if the URL is a file URL ...
Page 1 of 2 (35 items) 12