Microsoft's Comments on the Full Trust Type Safety issues

Revision as of 03:59, 27 May 2009 by Deleted user (talk | contribs)

Jump to: navigation, search

[ pictures of zambia africa ] [ australia winter weather ] recettes cuisine asiatique [ women held captive in africa ] [ asquared antivirus ] [ asia directory greece religion travel travel ] [ company sponsorship australia ] [ dancing skeleton life and death in west africa ] [ estudiar en australia ] links [ automatische perforierung ] [ australian bookmakers association ] [ visa sponsorship australia ] [ asian womens hair style ] [ napa auto tool ] top [ car gps systems australia ] [ hunting farms in south africa ] page [ asian dominatrixs ] [ automobile convertible ] [ paving bricks western australia ] [ australias traditional clothing ] [ history of australian women ] [ memory lane auto part ] [ antivirus trialware download ] [ asian paints color ] [ australia queensland weather ] links [ africa center for strategic study ] [ asia netcom australia ] [ african astronomy history ] [ automobile spoiler ] [ ads asian personal ] [ auto cup holder insert ] [ symantec antivirus uninstall utility ] [ asian cosmetics ] [ volunteer africa wildlife ] [ norman antivirus download ] [ affordable africa vacation ] [ map of africas rivers and lakes ] sitemap [ johannesburg south africa news ] [ self managed super australia ] [ quickheal antivirus free download ] [ asian newcomer ] [ tight asian dvd ] [ antivirus for macintosh ] [ information on the country of africa ] [ magic carpet auto transport ] [ outlook autoreply ] [ map australia satellite ] auto title services texas [ tokyo auto show mitsubishi ] [ tourist attraction in africa ] [ asian stereotype ] [ asian educational family immigrant info ] [ 2006 australian open tennis tickets ] [ prestige auto finance ] [ air brush south africa ] [ kmart australia ipod ] [ autografe ] [ australian money open prize ] [ panda antivirus platinum 7 crack ] [ download symantec antivirus corporate edition 9.0 ] [ auto sketch 9 ] [ auto stauffer ] [ pop pro up winantivirus ] [ autograph bessie smith ] [ avg antivirus crack 7.0.300 ] [ african american by poetry woman ] [ auto barca da do inferno o ] [ asian mp3 downloads ] [ south africa cape town university ] [ a language for automation ] [ bank of east asia ] [ auto lift springs ] [ nn asian girls ] http [ creasian ] [ issue facing african american ] [ american asian movies ] [ 2006 used auto prices ] [ south african animal ] [ australia chronic fatigue syndrome ] [ nude asian body builder ] link [ cricket south africa live score ] [ printable outline map of africa ] [ auto parts for jeeps ] page [ antivirus 2004 free download ] [ australia convention ] [ african goddess names ] [ jamasian skate team ] microbiology research jobs in australia [ quake 3 servers australia ] [ african american family tradition ] [ asia clipart ] From: "Microsoft Security Response Center" <>
Sent: Monday, December 26, 2005 7:26 PM
Subject: RE: Possible Type Confusion issue in .Net 1.1 (only works in Full Trust)

Hi Dinis,

I trust you had or are having a great holiday season.

Thanks for heads up on your blog posting, I've received the following feedback from the product team, seems this topic has come up before.

Some people have argued that Microsoft should always enforce type safety at runtime (i.e. run the verifier) even if code is "Fully Trusted". We've chosen not to do this for a number of reasons (e.g. historical, perf, etc). There are at least two important things to consider about this scenario:

1) Even if we tried to enforce type safety using the verifier for Fully Trusted code, it wouldn't prevent Fully Trusted from accomplishing the same thing in 100 other different ways. In other words, your example accessed an object as if it were a different incompatible type - The verifier could have caught this particular technique that allowed him to violate type safety. However, he could have accomplished the same result using private reflection, direct memory access with unsafe code, or indirectly doing stuff like using PInvoke/native code to disable verification by modifying the CLR's verification code either on disk or in memory. There would be a marginal benefit to insuring people wrote "cleaner" more "type safe" code by enforcing verification at runtime for Full Trust, but you wouldn't get any additional security benefits because you can perform unverifiable actions in dozens of ways the verifier won't prevent if you are Fully Trusted.

2) As mentioned at the end of #1 above, one argument is that it's good for programmers (even fully trusted ones) to follow type safety rules, and doing runtime verification would keep peoplewriting cleaner code. However, we don't need to do the verification at "runtime" in order to encourage good type safety hygiene. Instead, we can rely on our languages to do this for us. For example, C# and VB by default ensure that you produce verifiable code. If you've written your code in a language like C#, you're not going to run into cases where you've accidentally created unverifiable code (This can be seen in the example posted on the blog since you needed to use the low level assembler to hack up a program initially compiled in C#). Given that you can't prevent Fully Trusted code from doing unverifiable things at runtime, there's only a marginal difference between encouraging type safety at compile time vs at runtime for the Fully Trusted code developer.

I hope that helps to convey the message on where Microsoft stands with this issue.

Kind Regards Scott D.