> I think that I start to understand this .NET security.
Basically it comes to this:
* You use strong names in the dll and exe, so the application user must
configure this application with key one time that it can be trusted.
Similar like ActiveX but no dialog box is shown.
* The program tells the JIT compiler what rights it need.
For example, a clock would not need file access, so it could tell the
JIT that it does not use the FileIOPermissio n for file access.
This way, a hacker cannot misuse this clock program to write a file to
the windows folder.
And I must add these hints too
* You need a .config file at the same location of the exe file and the used
dll's to
make .NET be able to find the newly provided dll's.
I have been fighting some problems with the JIT compiler incorrectly
claming that
he did not find the correct dll, while they were just right there.
* If one of these dll's uses the dynamic MFC dll's then add these to the
folder too.
(mfc70.dll, msvcp70.dll and msvcr70.dll for VC++ 2002)
Do not expect that MFC is installed on that machine.
(The odd thing is that .NET 1.0 have these dll's in it's folder, but
apparently does
not put this in a search path.
* Put something like this to your main() in order to see why the pogram
crashes.
try {
Application.Run (new Form1());
} catch (SecurityExcept ion e) {
MessageBox.Show ("Not enough security rights to run this
program!\r\r"+e .ToString()+"\r \rThis program will now terminate!",
"ctRepair: Security
error",MessageB oxButtons.OK,Me ssageBoxIcon.Er ror);
} catch (Exception e) {
MessageBox.Show ("This program caused an unknown
exception!\r\r" +e.ToString()+" \r\rThis program will now terminate!",
"ctRepair: Unknown
exception",Mess ageBoxButtons.O K,MessageBoxIco n.Error);
}
* Use Microsoft FxCop to inspect your .NET created DLL's if they are
reusable for other languages.
This program helped me a lot to help port my code.
* Add this to your assembly file (C# example) if you are porting existing
unmanaged C++ code to managed code.
It gives too much security rights but at least the code runs like an
older .exe program, and can be started from a
network driver, open network folder, read/write the registery and access
any folder on your local machine....
In a next stage you can start revoking these righst step by step.
using System;
using System.Security ;
using System.Security .Permissions;
[assembly:Securi tyPermission(Se curityAction.Re questMinimum,
UnmanagedCode=t rue)]
[assembly:FileIO Permission(Secu rityAction.Requ estMinimum,
Unrestricted=tr ue)]
[assembly:Regist ryPermission(Se curityAction.Re questMinimum, All="*")]
[assembly:ZoneId entityPermissio n(SecurityActio n.RequestMinimu m,Zone=Security
Zone.NoZone)]
[assembly:ComVis ible(true)]
[assembly:CLSCom pliant(true)]
Well, I hope that this overview avoids other people becoming depressed when
all seems to fail when they start using .NET for the first time. ;-)
