Confusion about Assert()

Dave Zarlengo - 26 Apr 2006 04:39 GMT
Briefly, if my CAS policy allows permissions P1 and P2, can a method Assert()
an additional permission P3 and get it?  The documentation I looked at left
that point a little unclear:

"You can call the CodeAccessPermission.Assert method to prevent a demand
propagating beyond the current stack frame. By using Assert, you vouch for
the trustworthiness of your code's callers. Because of the potential for
luring attacks, Assert needs to be used with caution."

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/html/ThreatCounter.asp


I read that as "downstream callers may demand permissions which upon the
stack walk hitting your stack frame you can use Assert to satisfy that
demand... independent of the actual CAS permissions granted to your
assembly".  Which, if true, seems like a loophole in CAS, so what am I
misunderstanding?

serge calderara - 26 Apr 2006 07:53 GMT
Hi,

As far as I understand about the .Assert, it interrupts callers' permission
checking.
In addition, it can be used only once in a function...

So far this is the only thing I catch from my actual study on security.
When to use it still sounds not so clear for me as well.

regards
serge

> Briefly, if my CAS policy allows permissions P1 and P2, can a method Assert()
> an additional permission P3 and get it?  The documentation I looked at left
[quoted text clipped - 4 lines]
> the trustworthiness of your code's callers. Because of the potential for
> luring attacks, Assert needs to be used with caution."

Dominick Baier [DevelopMentor] - 26 Apr 2006 08:18 GMT
Hi,

You should really get "Programming .NET Security" by Freeman/Jones (O'Reilly)
- to understand CAS you need a good theoretical background, this stuff is
just too complex to start with learning by doing/trial & error style....

---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com

> Hi,
>
[quoted text clipped - 27 lines]
>> your assembly".  Which, if true, seems like a loophole in CAS, so
>> what am I misunderstanding?

Nicole Calinoiu - 26 Apr 2006 14:21 GMT
> I read that as "downstream callers may demand permissions which upon the
> stack walk hitting your stack frame you can use Assert to satisfy that
> demand... independent of the actual CAS permissions granted to your
> assembly".  Which, if true, seems like a loophole in CAS, so what am I
> misunderstanding?

In order to successfully assert a permission, your assembly must be granted
both that permission and SecurityPermission\Assertion, so it's not as much
of a loophole as you seem to believe.  If you would like to know more about
the details of how assertion works,
http://blogs.msdn.com/shawnfa/archive/2004/08/23/219155.aspx (and the three
subsequent entries in the series) might be a good place to start.

Dave Zarlengo - 26 Apr 2006 16:27 GMT
Thank you, that clears it up completely, and thanks for the link.

> > I read that as "downstream callers may demand permissions which upon the
> > stack walk hitting your stack frame you can use Assert to satisfy that
[quoted text clipped - 8 lines]
> http://blogs.msdn.com/shawnfa/archive/2004/08/23/219155.aspx (and the three
> subsequent entries in the series) might be a good place to start.
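
The rule from Nicole's reply, as an added example: a simplified Python model of the CAS stack walk, not code from any poster and not the CLR's implementation. `Frame`, `demand`, `run` and the caller/library names are hypothetical. The model assumes a missing Assertion flag fails at assert time, while asserting a permission the assembly was never granted simply has no effect on the later demand.

```python
from dataclasses import dataclass, field

ASSERTION = "SecurityPermission.Assertion"  # the flag named in Nicole's reply

class SecurityException(Exception):
    pass

@dataclass
class Frame:
    """One caller on the stack: its assembly's grant set and any active assert."""
    assembly: str
    granted: frozenset
    asserted: set = field(default_factory=set)

    def assert_permission(self, perm):
        # Model assumption: asserting anything requires the Assertion flag.
        if ASSERTION not in self.granted:
            raise SecurityException(f"{self.assembly} lacks {ASSERTION}")
        self.asserted.add(perm)

def demand(stack, perm):
    """Check callers from innermost (stack[-1]) outward; return who stopped the walk."""
    for frame in reversed(stack):
        if perm not in frame.granted:
            # An assert of a permission the assembly was never granted has no effect.
            raise SecurityException(f"{frame.assembly} is not granted {perm}")
        if perm in frame.asserted:
            return frame.assembly  # outer callers are not checked
    return None  # no assert: every caller on the stack had to hold perm

def run(library_grants, do_assert=True):
    """Constructed scenario: UntrustedCaller (P1 only) -> Library -> demand for P3."""
    caller = Frame("UntrustedCaller", frozenset({"P1"}))
    library = Frame("Library", frozenset(library_grants))
    try:
        if do_assert:
            library.assert_permission("P3")
        stopped_at = demand([caller, library], "P3")
        return f"allowed (walk stopped at {stopped_at})"
    except SecurityException as exc:
        return f"denied: {exc}"

if __name__ == "__main__":
    print(run({"P1", "P2", ASSERTION}))          # the question's case: P3 not granted
    print(run({"P1", "P2", "P3"}))               # P3 granted, Assertion flag missing
    print(run({"P1", "P2", "P3", ASSERTION}))    # both conditions from the reply met
    print(run({"P1", "P2", "P3", ASSERTION}, do_assert=False))  # no assert at all
```

Only the third call is allowed. In the fourth, with no assert, the walk continues past Library and fails at the untrusted caller, which is the check an assert removes and the reason the quoted documentation warns about luring attacks.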
