Strong Name Bypass

re: Strong Name Bypass

Smith — Tue, 31 Mar 2009 14:32:32 GMT

Hi,

But StrongName isn't a condition to determine if application is or not full-trusted?

Visual guard for .Net, Visual guard for PowerBuilder, Security Application, Application Security , Authentication and Permission.

Ronak jain — Tue, 19 May 2009 10:27:09 GMT

I am not actually able to get what is it actually for ?

re: Strong Name Bypass

shawnfa — Fri, 22 May 2009 00:10:15 GMT

Bypassing the strong name verification step during assembly load means that your assemblies will load much faster. That, in turn, allows your managed application to have a quicker startup time.

-Shawn

re: Strong Name Bypass

guillon — Fri, 05 Jun 2009 09:13:55 GMT

Hi,

by doing this you remove the integrity check of assemblies by default, don't you?

I can't know if it is actually harmful at the end, but it seems to me that this was an important feature of .NET that is now left "aside". I.e. nobody except professional IT will ever re-activate it, letting most applications/machine without assembly integrity check.

For instance I can just modify with a bin editor any byte of a dll signed assembly and it will be loaded as is, executing non expected code.

Is there some reference justifying this apparently strange choice?

re: Strong Name Bypass

shawnfa — Mon, 08 Jun 2009 22:05:15 GMT

That's a good question guillon, and one I should write a whole blog entry on :-)

The basic point is that strong name signatures are not an integrity checking mechanism - they're an assembly identity mechanism. (They lack features of Authenticode signatures, such as chaining and revocation, which prevent them from being used as a full integrety checking mechainsm).

That combined with the fact that full trust assemblies can easily fake their strong name(by design - full trust code owns the process), means that you weren't getting an integrety check for free anyway.

Instead, for integrety checking, you really need to use Authenticode signatures.

-Shawn