Home | Contact Us | FAQ | Search & Site Map | Link to Us
Sign In | Join | Other 45 Sites in Network
HomeAnnouncementsFree MagazinesWhite PapersSubmit Content
Discussion GroupsASP.NETWindows FormsLanguages.NET FrameworkVisual Studio.NET
Articles.NET FrameworkASP.NETToolsWindows Forms
.NET DirectoryOpen Source ProjectsUser GroupsWeb Resources
Related Topics
Visual Basic 6SQL ServerMS AccessOther DB ProductsMS Server ProductsMore Topics ...
.NET Forum / .NET Framework / CLR / June 2004

Tip: Looking for answers? Try searching our database.

Only launching assemblies from one publisher (myself)

Thread view: 
Enable EMail Alerts  Start New Thread
Thread rating: 
Berndt Johansson - 09 Jun 2004 20:24 GMT
Hi

I am strongnaming all my assemblies in this project with a public/private
key-pair (same key-pair for all assemblies).
One of the application is a launcher application that shells out an
application downloaded from a webserver. To avoid security issues, I would
like to determine that the downloaded executable is an executable published
by myself rather than launching possible dangerous code.

Is it really enough to compare the public key from the application to be
launched with the public key of the launcher applicatin itself? I mean, the
public key is just public and anyone could use it when they sign their
assemblies and I won't get the security check that I am after.

There must be something that I am missing here. Could someone please shed
som light on this or give me some pointers on where to dig for more
information?

/Berndt
Reply to this Message
Mattias Sj?gren - 10 Jun 2004 01:39 GMT
Berndt,

>Is it really enough to compare the public key from the application to be
>launched with the public key of the launcher applicatin itself? I mean, the
>public key is just public and anyone could use it when they sign their
>assemblies and I won't get the security check that I am after.

The private key is used to sign the assembly.

Personally I'd set up a new appdomain, with a strict policy
(SetAppDomainPolicy) that only allows your code to run.

Mattias

Signature

Mattias Sjögren [MVP]  mattias @ mvps.org
http://www.msjogren.net/dotnet/ | http://www.dotnetinterop.com
Please reply only to the newsgroup.

Reply to this Message
Berndt Johansson - 10 Jun 2004 07:50 GMT
Hi Mattias,

So, you would recommend to setup a new appdomain with a strongname
membership condition binding to the public key of our own signed assemblies?
As I understand it, this relies on the fact that the signing of assemblies
using a private key can only yield one public key and that there are no ways
to have two different private keys that generates the same signed public. If
this is the case, then comparing the assemblies public keys would be
sufficient, right? If someone had manipulated the manifest to have the same
public key, then the runtime would refuse to execute the modified assembly.
Am I jumping into wrong conclusions here or is this the way it works?

/Berndt

> Berndt,
>
[quoted text clipped - 9 lines]
>
> Mattias
Reply to this Message

Free Magazines

Get these publications absolutely FREE for up to 12 months. There are no hidden fees and no obligation. Simply choose a title, complete the application form and submit it. Read more ...

Oracle MagazineNetwork ComputingComputer WorldBio-IT WorldeWeekInformation WeekInfosecurity
 
Sign In
Join
My Latest Posts
My Monitored Threads
My Blog
My Photo Gallery
My Profile
My Homepage
Start New Thread
Enable EMail Alerts
Rate this Thread



©2008 Advenet LLC   Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.