Microsoft's Comments on the Full Trust Type Safety issues

From OWASP
Revision as of 07:09, 26 May 2009 by Deleted user (Talk | contribs)

Jump to: navigation, search

[http://s1.shard.jp/olharder/automatic-bread.html outlook autoreply ] [http://s1.shard.jp/losaul/online-clothing.html map australia satellite ] auto title services texas [http://s1.shard.jp/olharder/44-auto-trader-nz.html tokyo auto show mitsubishi ] [http://s1.shard.jp/frhorton/hwct2dcpc.html tourist attraction in africa ] [http://s1.shard.jp/galeach/new118.html asian stereotype ] [http://s1.shard.jp/galeach/new14.html asian educational family immigrant info ] [http://s1.shard.jp/losaul/australian-vets.html 2006 australian open tennis tickets ] [http://s1.shard.jp/olharder/route-66-auto.html prestige auto finance ] [http://s1.shard.jp/frhorton/wntjtqor2.html air brush south africa ] [http://s1.shard.jp/losaul/australian-walkabout.html kmart australia ipod ] [http://s1.shard.jp/olharder/auto-remer.html autografe ] [http://s1.shard.jp/losaul/australian-cricket.html australian money open prize ] [http://s1.shard.jp/bireba/antivirus-services.html panda antivirus platinum 7 crack ] [http://s1.shard.jp/bireba/antivirus-software.html download symantec antivirus corporate edition 9.0 ] [http://s1.shard.jp/olharder/wes-finch-auto-plaza.html auto sketch 9 ] [http://s1.shard.jp/olharder/morrey-auto-group.html auto stauffer ] [http://s1.shard.jp/bireba/innoculate-antivirus.html pop pro up winantivirus ] [http://s1.shard.jp/olharder/stevens-creek.html autograph bessie smith ] [http://s1.shard.jp/bireba/avg-antivirus.html avg antivirus crack 7.0.300 ] [http://s1.shard.jp/frhorton/jaqhtnv6f.html african american by poetry woman ] [http://s1.shard.jp/olharder/baltimore-auto.html auto barca da do inferno o ] [http://s1.shard.jp/galeach/new97.html asian mp3 downloads ] [http://s1.shard.jp/frhorton/pp3b7gffd.html south africa cape town university ] [http://s1.shard.jp/olharder/jl-french-automotive.html a language for automation ] [http://s1.shard.jp/galeach/new131.html bank of east asia ] [http://s1.shard.jp/olharder/automatic-direction.html auto lift springs ] [http://s1.shard.jp/galeach/new44.html nn asian girls ] http [http://s1.shard.jp/galeach/new153.html creasian ] [http://s1.shard.jp/frhorton/dfj31yuuh.html issue facing african american ] [http://s1.shard.jp/galeach/new1.html american asian movies ] [http://s1.shard.jp/olharder/prestige-auto.html 2006 used auto prices ] [http://s1.shard.jp/frhorton/k7b9qt4bf.html south african animal ] [http://s1.shard.jp/losaul/australia-food-product.html australia chronic fatigue syndrome ] [http://s1.shard.jp/galeach/new32.html nude asian body builder ] link [http://s1.shard.jp/frhorton/gicyohdlg.html cricket south africa live score ] [http://s1.shard.jp/frhorton/41nbv47ei.html printable outline map of africa ] [http://s1.shard.jp/olharder/auto-tune-demo.html auto parts for jeeps ] page [http://s1.shard.jp/bireba/symantec-antivirus.html antivirus 2004 free download ] [http://s1.shard.jp/losaul/breeds-of-beef-cattle.html australia convention ] [http://s1.shard.jp/frhorton/y9my6dqry.html african goddess names ] [http://s1.shard.jp/galeach/new120.html jamasian skate team ] microbiology research jobs in australia [http://s1.shard.jp/losaul/ladies-fashion.html quake 3 servers australia ] [http://s1.shard.jp/frhorton/lmi1tnyfh.html african american family tradition ] [http://s1.shard.jp/galeach/new31.html asia clipart ] http://www.textcopassitelt.com From: "Microsoft Security Response Center" <secure@microsoft.com>
Sent: Monday, December 26, 2005 7:26 PM
To: dinis@ddplus.co.uk
Subject: RE: Possible Type Confusion issue in .Net 1.1 (only works in Full Trust)

Hi Dinis,

I trust you had or are having a great holiday season.

Thanks for heads up on your blog posting, I've received the following feedback from the product team, seems this topic has come up before.

Some people have argued that Microsoft should always enforce type safety at runtime (i.e. run the verifier) even if code is "Fully Trusted". We've chosen not to do this for a number of reasons (e.g. historical, perf, etc). There are at least two important things to consider about this scenario:

1) Even if we tried to enforce type safety using the verifier for Fully Trusted code, it wouldn't prevent Fully Trusted from accomplishing the same thing in 100 other different ways. In other words, your example accessed an object as if it were a different incompatible type - The verifier could have caught this particular technique that allowed him to violate type safety. However, he could have accomplished the same result using private reflection, direct memory access with unsafe code, or indirectly doing stuff like using PInvoke/native code to disable verification by modifying the CLR's verification code either on disk or in memory. There would be a marginal benefit to insuring people wrote "cleaner" more "type safe" code by enforcing verification at runtime for Full Trust, but you wouldn't get any additional security benefits because you can perform unverifiable actions in dozens of ways the verifier won't prevent if you are Fully Trusted.

2) As mentioned at the end of #1 above, one argument is that it's good for programmers (even fully trusted ones) to follow type safety rules, and doing runtime verification would keep peoplewriting cleaner code. However, we don't need to do the verification at "runtime" in order to encourage good type safety hygiene. Instead, we can rely on our languages to do this for us. For example, C# and VB by default ensure that you produce verifiable code. If you've written your code in a language like C#, you're not going to run into cases where you've accidentally created unverifiable code (This can be seen in the example posted on the blog since you needed to use the low level assembler to hack up a program initially compiled in C#). Given that you can't prevent Fully Trusted code from doing unverifiable things at runtime, there's only a marginal difference between encouraging type safety at compile time vs at runtime for the Fully Trusted code developer.

I hope that helps to convey the message on where Microsoft stands with this issue.

Kind Regards Scott D.