All About Assert Part I: What Assert Actually Doeshttp://blogs.msdn.com/shawnfa/archive/2004/08/23/219155.aspxThere are several common misconceptions about the Assert stack modifier, not the least of which are: Assert changes an assembly's permission grant Assert is just a perf optimization You don't need the permissions that you're Asserting in order to effectivelyen-USCommunityServer 2.1 SP1 (Build: 61025.2)All About Assert Part II: What Assert Is Good Forhttp://blogs.msdn.com/shawnfa/archive/2004/08/23/219155.aspx#219726Tue, 24 Aug 2004 23:35:00 GMT91d46819-8472-40ad-a661-2c78acb4018c:219726.Net Security BlogAll About Assert Part II: What's Assert Good Forhttp://blogs.msdn.com/shawnfa/archive/2004/08/23/219155.aspx#219727Tue, 24 Aug 2004 23:35:00 GMT91d46819-8472-40ad-a661-2c78acb4018c:219727.Net Security BlogAll About Assert Part III: Dispelling the Mythshttp://blogs.msdn.com/shawnfa/archive/2004/08/23/219155.aspx#220462Wed, 25 Aug 2004 23:22:00 GMT91d46819-8472-40ad-a661-2c78acb4018c:220462.Net Security Blogre: All About Assert Part I: What Assert Actually Doeshttp://blogs.msdn.com/shawnfa/archive/2004/08/23/219155.aspx#220744Thu, 26 Aug 2004 06:05:00 GMT91d46819-8472-40ad-a661-2c78acb4018c:220744Eric NewtonSo, if I'm a hacker... just call Assert with FullTrust then I can do anything? <br> <br>There goes CAS? <br> <br>Am I missing something here?All About Assert Part III: Dispelling the Mythshttp://blogs.msdn.com/shawnfa/archive/2004/08/23/219155.aspx#221047Thu, 26 Aug 2004 22:07:00 GMT91d46819-8472-40ad-a661-2c78acb4018c:221047.Net Security Blogre: All About Assert Part I: What Assert Actually Doeshttp://blogs.msdn.com/shawnfa/archive/2004/08/23/219155.aspx#221054Thu, 26 Aug 2004 19:09:00 GMT91d46819-8472-40ad-a661-2c78acb4018c:221054ShawnHi Eric, <br> <br>Actually, that's assert myth #3 (<a target="_new" href="http://blogs.msdn.com/shawnfa/archive/2004/08/25/220458.aspx#myth3">http://blogs.msdn.com/shawnfa/archive/2004/08/25/220458.aspx#myth3</a>) .... while the call to Assert will &quot;succeed&quot; in that it will return to you without an causing an exception (assuming you have Assertion permission), it will actually have no effect unless you also have the permissions that you are Asserting. <br> <br>So the only way for your scenario to work would be if the hacker was executing under FullTrust already, in which case, this is no longer an interesting form of attack (it doesn't buy the hacker anything). <br> <br>-ShawnAll About Assert Part IV: When Assert Won't Helphttp://blogs.msdn.com/shawnfa/archive/2004/08/23/219155.aspx#221093Thu, 26 Aug 2004 23:31:00 GMT91d46819-8472-40ad-a661-2c78acb4018c:221093.Net Security Blogre: All About Assert Part I: What Assert Actually Doeshttp://blogs.msdn.com/shawnfa/archive/2004/08/23/219155.aspx#221163Thu, 26 Aug 2004 22:19:00 GMT91d46819-8472-40ad-a661-2c78acb4018c:221163NoviceWhen you say the following is untrue: <br>Assert stops all stack walks from proceeding further up the call chain <br> <br>You mean that the use of Assert for a particular permission will not stop stack walks from proceeding up the call stack for other permissions, correct? <br> <br>Thanks, <br>Novicere: All About Assert Part I: What Assert Actually Doeshttp://blogs.msdn.com/shawnfa/archive/2004/08/23/219155.aspx#221191Thu, 26 Aug 2004 22:58:00 GMT91d46819-8472-40ad-a661-2c78acb4018c:221191ShawnThat's correct. Check out Myth #6 for more details on this. (<a target="_new" href="http://blogs.msdn.com/shawnfa/archive/2004/08/25/220458.aspx#myth6">http://blogs.msdn.com/shawnfa/archive/2004/08/25/220458.aspx#myth6</a>) <br> <br>-ShawnWhen is ReflectionPermission Needed?http://blogs.msdn.com/shawnfa/archive/2004/08/23/219155.aspx#389771Tue, 08 Mar 2005 23:36:00 GMT91d46819-8472-40ad-a661-2c78acb4018c:389771.Net Security BlogAll About Assert Part I: What Assert Actually Doeshttp://blogs.msdn.com/shawnfa/archive/2004/08/23/219155.aspx#541677Thu, 02 Mar 2006 03:23:14 GMT91d46819-8472-40ad-a661-2c78acb4018c:541677dotnetkicks.comTrackback from dotnetkicks.com