.NET Security Blog

Finishing up this week's strong name theme, here's a few observations to make about the raw signatures that we figured out how to dump on Wednesday : You can figure out the size of the key used to sign an assembly based upon the size of the signature...

Wow ... there's been lots of interest in signatures lately :-) In response to my last post about reserving a larger section of the PE file for the signature when you create a signature with a larger key, William wants to know if you can extract the actual...

Shri started up a blog today , joining David as members of the JIT team on MSDN blogs. His first post is on how the x86 JIT implements a tail call ... and why its not as fast as it could be. Now that Shri has a blog, the percentage of people in my hallway...

In response to last Friday's post about creating a key that's longer than 1024 bits, Nicole wondered if anyone had tried doing this, and what the results might be. I just created a 16,384 bit key on beta 1 of the framework (confirming Eugene's time estimate...

A while back, I wrote about using the StrongNameKeyGenEx API to generate keys to sign assemblies with. That API lets you pass in a dwKeySize parameter to specify the number of bits to generate in the key. If you're calling the API from your own code,...

The Smart Client Developer Center on MSDN is running an overview of ClickOnce and comparing it to MSI . One of the areas where ClickOnce comes out on top is security sandboxing (or permission elevation, depending on how you look at it). Looking closely...

Mike's got an interesting piece up today about using WinDbg to find the actual call stack of an unmanaged (or managed for that matter) exception . It's this kind of power debugging technique that makes WinDbg my all time favorite debugger.

Executing the following code: PermissionSet ps = new PermissionSet(PermissionState.Unrestricted); Console.WriteLine("Before Removing Permissions:"); Console.WriteLine(ps.ToXml().ToString()); ps.RemovePermission( typeof (RegistryPermission)); Console.WriteLine...

Windows Forms has a feature that allows you to use an ActiveX control on your managed form. All you have to do is add the control to your toolbox, and VS takes care of the rest behind the scenes. But this feature has a bit of a problem when it comes to...

Since network shares by default only get LocalIntranet permissions, it's relatively common to want to use CasPol to fully trust some shares that you control and know are safe. However, CasPol syntax being what it is, the command to do this isn't immediately...

I'm going to be on vacation until the end of December, so this blog will be going dark for about a week and a half. It'll be nice to get away for a while, especially since I haven't taken a vacation since last December ... I'm definitely looking forward...

This issue (and its cousin: Why Do I Still Get an Exception Accessing the Registry with Full RegistryPermission?) come up fairly frequently on the newsgroups. The reasoning is actually very simple. The exception being thrown in these cases arises from...

I've gotten quite a few questions from this blog over the past several months. And although I can't answer all of them, here's some quick answers to some of the more common ones. If you do have more questions, its usually best to post them in the comments...

Yesterday , I showed an alternate to the shim method of gracefully failing from an assembly using an AppDomainManager . However, as David pointed out this method isn't particularly useful if you're going to be using it to detect failure to load your main...

The last two days we worked on a shim application that allowed us to handle gracefully the condition where a program's main assembly will not load due to declarative security issues . While we were definitely able to improve on the shim yesterday, there...

Yesterday we developed a simple Shim application in order to fail gracefully when our application's entry assembly doesn't have enough permission to meet its minimum grant set, and therefore won't be loaded. However, there were quite a few problems with...

Last week, when I posted about failing to run in partial trust gracefully , the method I showed only worked if your main assembly could be loaded. However, if it has a minimum permission request that cannot be satisfied, your main method won't ever be...

I've completed refactoring the Managed StrongName project , and I've uploaded the new sources. The changes I made were all pretty much what I laid out in the previous post. We now have two modules built, msn.exe which is a thin wrapper around MS.StrongName...

1 using System; 2 using System.Diagnostics; 3 using System.Globalization; 4 using System.IO; 5 using MS.StrongName.Native; 6 7 namespace MS.StrongName 8 { 9 /// < summary > 10 /// Class that exposes the managed StrongName API for dealing with signatures...

1 using System; 2 using System.Diagnostics; 3 using System.Globalization; 4 using System.IO; 5 using System.Security; 6 7 namespace MS.StrongName 8 { 9 /// < summary > 10 /// KeyFile I/O methods 11 /// </ summary > 12 public static class KeyFile...

1 using System; 2 3 namespace MS.StrongName 4 { 5 /// < summary > 6 /// Key stores available for use 7 /// </ summary > 8 public enum KeyStore 9 { 10 /// < summary > 11 /// Machine wide key store 12 /// </ summary > 13 Machine...

1 using System; 2 using System.Diagnostics; 3 using System.Globalization; 4 using System.Runtime.InteropServices; 5 using System.Security; 6 using Microsoft.Win32; 7 using MS.StrongName.Native; 8 9 namespace MS.StrongName 10 { 11 /// < summary >...

1 BadFile=Invalid file specified: {0} 2 BadOperation=Error completing operation: {0} 3 CouldNotOpenMachineStoreKey=Could not open the strong name configuration key 4 InternalError=Internal error processing request 5 InvalidAssemblyName=Invalid assembly...

1 using System; 2 3 namespace MS.StrongName 4 { 5 /// < summary > 6 /// Constants for the configuraiton registry keys 7 /// </ summary > 8 internal static class Registry 9 { 10 /// < summary > 11 /// Name of the registry key under HKLM...

1 using System; 2 using System.Diagnostics; 3 using System.IO; 4 using System.Security; 5 using System.Runtime.InteropServices; 6 using MS.StrongName.Native; 7 8 namespace MS.StrongName 9 { 10 /// < summary > 11 /// General-purpose utility methods...