.NET Security.

There is something about .NET security I don't quite understand. Let's say that I'm writing an application with plug-in support, i.e. my application can load any assembly, private or shared. Users can load the assembly, work with its members and unload them. To unload the assembly, I create a new AppDomain, load the assembly and unload the AppDomain as explained here:
http://msdn.microsoft.com/library/default.asp url=/library/en-us/dncscol/html/csharp05162002.asp

I create the app domain like this:

AppDomain^ newAd = AppDomain::CreateDomain("MyAppDomain",AppDomain::CurrentDomain->Evidence, ads);

where ads is AppDomainSetup^ ads with some fields set.

So far so good. What I don't understand is whether I should worry about security or not. My application may run untrusted code, I agree. But it is my understanding that every assembly belongs to a code group, and the permissions are set for each code group by the machine administrator. Since I'm setting the Evidence of the new AppDomain to that of the default app domain, should I worry about security issues?

Could someone give an example of what can go wrong if I don't set the security right? Please provide some links also (if possible).

Thanks in advance
fiz


  • Evgeny Shvets

    Well, the quick answer is yes. You should worry about security always. Now, I am not completely sure what you are trying to make here, but I will try to give you some insight.

    First of all, the CLR decides which permissions to give to a certain assembly (and, when you pass evidence to CreateDomain, to the domain) by taking the evidence and passing it through the code group architecture. The explanation could get more detailed here, but suffice it to say that the assembly will get a PermissionSet (which is a list of permissions), and according to that permission set the CLR will decide what that assembly is allowed to do and what not. So we have something like this: Evidence -> CodeGroupArchitecture -> PermissionSet.

    Now the default code groups in the CLR make these decisions based on where the assembly is coming from (this is a process that already happens). For example, the Intranet, MyComputer, Internet, Trusted and Untrusted zones will give different permission sets.

    Where can you go?

    1. You do not make any security settings and pass the evidence as is, so the CLR will decide what permissions to give to each assembly according to where they are coming from.

    2. You want to restrict all assemblies that pass through your architecture. In this case you can use the following function:

    public static AppDomain CreateDomain (
        string friendlyName,
        Evidence securityInfo,
        AppDomainSetup info,
        PermissionSet grantSet,
        params StrongName[] fullTrustAssemblies
    )

    So for more detailed advice, I would need some information about where the assemblies you are loading come from and whether you want them to run under a restrictive environment (for example, not allowing them to do registry operations or FileIO operations).
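The following is an added example (not code from either poster) showing the second option from the answer above in C# rather than the C++/CLI the question uses: the host builds a restricted PermissionSet, creates the plug-in domain with the sandboxing overload of CreateDomain, and runs a probe inside it to confirm that file writes are actually blocked. It assumes the .NET Framework (Code Access Security is not available on .NET Core / .NET 5+), a hypothetical "plugins" subfolder under the host's base directory, and a hypothetical plug-in assembly path passed to LoadPlugin.

```csharp
using System;
using System.IO;
using System.Reflection;
using System.Security;
using System.Security.Permissions;
using System.Security.Policy;

// Instances of this class are created inside the sandboxed domain. Because the host
// assembly is NOT listed in fullTrustAssemblies, this code also runs under the
// restricted grant set; that is exactly what the probe below relies on.
public class SandboxRunner : MarshalByRefObject
{
    // Tries a file write that the Internet-zone sandbox does not permit.
    public string TryWriteFile(string path)
    {
        try
        {
            File.WriteAllText(path, "probe");
            return "write succeeded: the sandbox is NOT restricting FileIO";
        }
        catch (SecurityException ex)
        {
            return "write blocked by CAS: " + ex.Message;
        }
    }

    // Loads a plug-in assembly (hypothetical path) in the restricted domain and
    // reports its full name; any code it runs is bound by the same grant set.
    public string LoadPlugin(string assemblyPath)
    {
        Assembly plugin = Assembly.LoadFrom(assemblyPath);
        return plugin.FullName;
    }
}

public static class PluginHost
{
    public static AppDomain CreateSandbox(string pluginDirectory)
    {
        // ApplicationBase must be set for the sandboxing overload; point it at the
        // host so SandboxRunner (in this assembly) can be resolved in the new domain.
        var setup = new AppDomainSetup
        {
            ApplicationBase = AppDomain.CurrentDomain.BaseDirectory
        };

        // Start from the permission set the CLR grants to Internet-zone code, i.e.
        // no unmanaged code, no registry, no general FileIO, then add only what the
        // plug-ins genuinely need: read access to their own directory.
        var sandboxEvidence = new Evidence();
        sandboxEvidence.AddHostEvidence(new Zone(SecurityZone.Internet));
        PermissionSet grantSet = SecurityManager.GetStandardSandbox(sandboxEvidence);
        grantSet.AddPermission(new FileIOPermission(
            FileIOPermissionAccess.Read | FileIOPermissionAccess.PathDiscovery,
            pluginDirectory));

        // Passing the current domain's Evidence here (as the question does) would let
        // local assemblies resolve to full trust; the explicit grantSet is what binds them.
        // No fullTrustAssemblies are listed, so nothing in the domain escapes grantSet.
        return AppDomain.CreateDomain("PluginSandbox", null, setup, grantSet);
    }

    public static void Main()
    {
        string pluginDir = Path.Combine(AppDomain.CurrentDomain.BaseDirectory, "plugins");
        AppDomain sandbox = CreateSandbox(pluginDir);

        var runner = (SandboxRunner)sandbox.CreateInstanceAndUnwrap(
            typeof(SandboxRunner).Assembly.FullName,
            typeof(SandboxRunner).FullName);

        // Expected: "write blocked by CAS: ..." because grantSet has no write permission.
        Console.WriteLine(runner.TryWriteFile(Path.Combine(Path.GetTempPath(), "probe.txt")));

        // Hypothetical plug-in; adjust the name to a real assembly in the plugins folder.
        string pluginPath = Path.Combine(pluginDir, "Plugin.dll");
        if (File.Exists(pluginPath))
            Console.WriteLine("Loaded plug-in: " + runner.LoadPlugin(pluginPath));

        // Unloading the domain is what actually releases the plug-in assembly.
        AppDomain.Unload(sandbox);
    }
}
```

The key design point is that the restriction lives in the grantSet passed to CreateDomain, not in the evidence: with the question's approach (reusing the default domain's evidence), a plug-in copied to the local disk is evaluated under the MyComputer zone and typically ends up fully trusted, so it could read files, touch the registry or call unmanaged code with the host's privileges. Keep the fullTrustAssemblies list empty unless a specific, strong-named host helper must run with full trust, and unload the whole domain rather than trying to unload a single assembly.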
