Difference between revisions of ".Net Type Safety"

From OWASP
Jump to: navigation, search
 
(8 intermediate revisions by one user not shown)
Line 1: Line 1:
 
'''Issues:'''
 
'''Issues:'''
 +
* [[Possible Type Confusion issue in .Net 1.1 (only works in Full Trust)]]
 
* [[Full Trust CLR Verification issue: changing the Method Parameters order]]
 
* [[Full Trust CLR Verification issue: changing the Method Parameters order]]
 +
* [[Full Trust CLR Verification issue: changing the return address order]]
 +
* [[Full Trust CLR Verification issue: Changing Private Field using Proxy Struct]]
 +
* [[Full Trust CLR Verification issue: Exploiting Passing Reference Types by Reference]]
 
* [[Manipulating private method behaviour by overriding public virtual methods in public classes]]
 
* [[Manipulating private method behaviour by overriding public virtual methods in public classes]]
 +
* [[CSharp readonly modifier is not inforced by the CLR (when in Full Trust)]]
 +
* [[ANSI/UNICODE bug in System.Net.HttpListenerRequest]]
  
 
'''Further Research:'''
 
'''Further Research:'''
 
* [[RuntimeMethodHandle.GetFunctionPointer() doesn't demand UnmanagedCode Security Permission]]
 
* [[RuntimeMethodHandle.GetFunctionPointer() doesn't demand UnmanagedCode Security Permission]]
 
* [[ECall methods must be packaged into a system module]]
 
* [[ECall methods must be packaged into a system module]]
 +
* [[JIT prevents short overflow (and PeVerify doesn't catch it)]]
 +
 +
 +
Other
 +
* [[Microsoft's Comments on the Full Trust Type Safety issues]]
 +
 
[[Category:OWASP .NET Project]]
 
[[Category:OWASP .NET Project]]

Latest revision as of 22:44, 28 July 2006

Issues:

Further Research:


Other