Hi there,
I have just decided to attempt to secure my .NET app as much as
possible. The main reason I want to do this is because I have implemented a
plug-in engine, I thought that it would be quite easy for someone to make a
rogue plug-in that deleted files, or done other malicious tasks.
Anyway, the plugins that I have implemeneted so far are passed either 1
filename, or an array of filenames. Ideally I want to plugin to be able to
*read* ONLY the files that it has been passed, that means no access on *any*
other files or write access to the file.
I thought that this could be done quite simply by using the
FileIOPermission class. And yes it was, I implemented a quick deny and
revert deny before and after the plugin is called and it prevents the plugin
from writing to the file. But I could not work out how to set ALL
permissions, i.e. I want to set only read access for the files that it is
being passed and nothing else, how would I go about doing this?
Is there a way that you can deny permissions to everything and then
grant permissions to 1 thing? It would be nice to prevent the plug-ins from
doing *anything* malicious. Thank you very much for your help in advance,
and I look forward to advice on this one, a vice like grip shalt protect my
app's plugins from doing anything dubious!
Nick.
P.S.
Just a thought, is the best way to make an app 100% secure by deny all
permissions outright and having to grant permissions everytime a task is
performed that would need permissions? i.e.
1. When the app loads, deny all permissions
2. The app wants to change a system setting
3. The permissions are granted (or requested?)
4. The setting is changed
Just an idea, I'm probably miles of the mark!
--
/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\
"No matter. Whatever the outcome, you are changed."
Fergus - September 5th 2003
/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\
5  1078 
Hi Nick,
At a quick view, I think you may try to pass the FileStream reference to
the plugin.
using System;
using System.Security;
using System.Collections;
using System.Security.Policy;
using System.Security.Permissions;
using System.IO;
namespace ConsoleApplication32
{
class Class1
{
[STAThread]
static void Main(string[] args)
{
FileStream f = new FileStream(@"C:\test.txt",FileMode.Open);
PermissionSet ps= new PermissionSet(PermissionState.Unrestricted);
ps.Deny();
ClassLibrary9.Class1 cls = new ClassLibrary9.Class1();
byte[] rt=cls.hello(f);
f.Close();
}
}
}
using System;
using System.IO;
namespace ClassLibrary9
{
public class Class1
{
public Class1()
{
}
public byte[] hello(FileStream f)
{
byte[] a=new byte[255];
f.Read(a,0,255);
//f = new FileStream(@"C:\1.txt",FileMode.Open); //this line will failed
becaused of security exception
//f.Read(a,0,255);
return a;
}
}
}
You may have a try to see if this works for you.
If I have any new information, I will update with you.
If you have any quesiton on this problem please post here.
Regards,
Peter Huang
Microsoft Online Partner Support
Get Secure! www.microsoft.com/security
This posting is provided "as is" with no warranties and confers no rights.
Hi Peter,
You have completely misunderstood what I was asking unfortunately. I
have a plugin engine that other people can make plugins for, anyone can make
one which is a good point *and* a down point.
Now I could quite easily make a rogue plugin that when called deletes
system files and changes systems settings. I want to prevent this from
happening by only giving the plugin the permissions that I desire, which
would be 1 thing
* Read access to 1 or many files
No more, and no less. I want to achieve this by using CAS (Code Access
Security). Which technically should enable me to set permissions before the
plugin is called, call the plugin and then revert the permissions one
complete. This will prevent the plugin from doing *anything* nasty and
untoward.
I just haven't seen any examples of denying all permissions to the
system other than read access to 1 or many files as yet. As an example of
what I am doing so far,
~~
Dim pIOPPermit As New FileIOPermission(FileIOPermissionAccess.Write,
iFile.FullName)
Call pIOPPermit.Deny()
'CALL PLUGIN WITH iFILE
Call pIOPPermit.RevertDeny()
~~
This prevents the file from being written to full stop, what I want is
*only* to specify read acccess permission and deny every other secruity
permission possible! Have you any ideas or seen any examples around at all?
I have read the docs but they are very descriptive without showing any code
examples, thanks for your help :-)
Nick.
--
/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\
"No matter. Whatever the outcome, you are changed."
Fergus - September 5th 2003
/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\
I forgot to comment, FileStream f = new FileStream(@"C:\test.txt",FileMode.Open);
PermissionSet ps= new PermissionSet(PermissionState.Unrestricted);
ps.Deny();
ClassLibrary9.Class1 cls = new ClassLibrary9.Class1();
byte[] rt=cls.hello(f);
f.Close();
Unfortunately this would require that I change the interface of my plugins
quite dramatically. The wonder of them is that they are passed simply
FileInfo objects or FileInfo collections. One plugin I have I cannot even
see the code that opens the file as it wraps a 3rd party DLL that performs
all of the necessary tasks.
I have been looking at the PermissionSet class also and the AddPermission
method, is it possible to use this to deny all permissions except for read
access to 1 file?
Nick.
--
/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\
"No matter. Whatever the outcome, you are changed."
Fergus - September 5th 2003
/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\
"Peter Huang" <v-******@online.microsoft.com> wrote in message
news:9%****************@cpmsftngxa06.phx.gbl... Hi Nick,
At a quick view, I think you may try to pass the FileStream reference to
the plugin.
using System;
using System.Security;
using System.Collections;
using System.Security.Policy;
using System.Security.Permissions;
using System.IO;
namespace ConsoleApplication32
{
class Class1
{
[STAThread]
static void Main(string[] args)
{
}
}
}
using System;
using System.IO;
namespace ClassLibrary9
{
public class Class1
{
public Class1()
{
}
public byte[] hello(FileStream f)
{
byte[] a=new byte[255];
f.Read(a,0,255);
//f = new FileStream(@"C:\1.txt",FileMode.Open); //this line will failed
becaused of security exception
//f.Read(a,0,255);
return a;
}
}
}
You may have a try to see if this works for you.
If I have any new information, I will update with you.
If you have any quesiton on this problem please post here.
Regards,
Peter Huang
Microsoft Online Partner Support
Get Secure! www.microsoft.com/security
This posting is provided "as is" with no warranties and confers no rights.
I *think* I may have found what I am after
Dim pPStPermit As New PermissionSet(PermissionState.None)
pPStPermit.AddPermission(New FileIOPermission(FileIOPermissionAccess.Write,
iFile.FullName))
Dim pIOPPermit As New FileIOPermission(FileIOPermissionAccess.Read,
iFile.FullName)
Call pPStPermit.PermitOnly()
'CALL PLUGIN WITH iFile
'Revert permissions
Now the only problem being is that the PermissionSet object doesn't contain
revert! :-(
Nick.
--
/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\
"No matter. Whatever the outcome, you are changed."
Fergus - September 5th 2003
/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\
"Peter Huang" <v-******@online.microsoft.com> wrote in message
news:9%****************@cpmsftngxa06.phx.gbl... Hi Nick,
At a quick view, I think you may try to pass the FileStream reference to
the plugin.
using System;
using System.Security;
using System.Collections;
using System.Security.Policy;
using System.Security.Permissions;
using System.IO;
namespace ConsoleApplication32
{
class Class1
{
[STAThread]
static void Main(string[] args)
{
FileStream f = new FileStream(@"C:\test.txt",FileMode.Open);
PermissionSet ps= new PermissionSet(PermissionState.Unrestricted);
ps.Deny();
ClassLibrary9.Class1 cls = new ClassLibrary9.Class1();
byte[] rt=cls.hello(f);
f.Close();
}
}
}
using System;
using System.IO;
namespace ClassLibrary9
{
public class Class1
{
public Class1()
{
}
public byte[] hello(FileStream f)
{
byte[] a=new byte[255];
f.Read(a,0,255);
//f = new FileStream(@"C:\1.txt",FileMode.Open); //this line will failed
becaused of security exception
//f.Read(a,0,255);
return a;
}
}
}
You may have a try to see if this works for you.
If I have any new information, I will update with you.
If you have any quesiton on this problem please post here.
Regards,
Peter Huang
Microsoft Online Partner Support
Get Secure! www.microsoft.com/security
This posting is provided "as is" with no warranties and confers no rights.
Hi Peter,
It's quite typical that I choose most things that haven't been covered
too well, I'm not meaning to be awkward by asking so many questions, I'm
just keen to learn so that I can get my program on sale and the like. Tis
the only way that I am ever going to get commercial experience in .NET at
this rate, oh well, maybe I should let the plugins do whatever they want,
but saying that, would simply doing
~~
PermissionSet ps= new PermissionSet(PermissionState.Unrestricted);
ps.Deny();
~~
This would put the plugin in a restricted state for it's lifetime, as
per your first example. I shall have to try it out, I've been giving the
old PC a rest the past couple of days, thanks for your help Peter.
Nick.
--
/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\
"No matter. Whatever the outcome, you are changed."
Fergus - September 5th 2003
/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\
This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics
by: David McNab |
last post by:
Hi,
I'm writing a web app framework which stores pickles in client cookies.
The obvious security risk is that some 5cr1p7 X1ddi35 will inevitably try
tampering with the cookie and malforming...
|
by: Bruno Desthuilliers |
last post by:
Hi everyone !
Could someone point me to infos about securing python for use as CGI or
mod_python for a shared hosting environnement ?
I searched google, but did not find anything specific :(
...
|
by: atl-jcd |
last post by:
Does anyone have a HTML or PDF copy of the old Al Stevens article:
"Passing the C++ Test: Securing success in an interview" from Dr. Dobbs
Journal
(I know I can get it from the DDJ site if I...
|
by: byrocat |
last post by:
I'm chasing after a documetn that was available on one of the Microsoft
websites that was titled somethign like "MS SQL Server Best Practices"
and detailed a nyumber of best practices about...
|
by: James |
last post by:
What's the best way of securing online databases and web services? At present I am using a database password, which of course is not hard-coded into the web service, but this means re-submitting it...
|
by: Susan Bricker |
last post by:
Greetings. I am looking for some advice on making a database secure.
By secure, I mean that I want only certain people to have write access
to the database and I want the updates to be permitted...
|
by: Wm. Scott Miller |
last post by:
Hello all!
We are building applications here and have hashing algorithms to secure
secrets (e.g passwords) by producing one way hashes. Now, I've read alot
and I've followed most of the advice...
|
by: Mark Goosen |
last post by:
Hi ive installed wse 2.0 SP3 and was running throught the demo downlaoded on
the Securing the Username Token with WSE 2.0 page the Securing the Username
Token with WSE 2.0.
Im spose to change...
|
by: KJ |
last post by:
Hello All,
I have to secure my first real B2B web service. Could you please
provide some guidance as to which method of security I should use. One
caveat is that we will not be using SSL on the...
|
by: Les Desser |
last post by:
In article
<fcebdacd-2bd8-4d07-93a8-8b69d3452f3e@s50g2000hsb.googlegroups.com>, The
Frog <Mr.Frog.to.you@googlemail.comMon, 14 Apr 2008 00:45:10 writes
Not sure if I quite follow that.
1....
|
by: taylorcarr |
last post by:
A Canon printer is a smart device known for being advanced, efficient, and reliable. It is designed for home, office, and hybrid workspace use and can also be used for a variety of purposes. However,...
|
by: Charles Arthur |
last post by:
How do i turn on java script on a villaon, callus and itel keypad mobile phone
|
by: ryjfgjl |
last post by:
In our work, we often receive Excel tables with data in the same format. If we want to analyze these data, it can be difficult to analyze them because the data is spread across multiple Excel files...
|
by: BarryA |
last post by:
What are the essential steps and strategies outlined in the Data Structures and Algorithms (DSA) roadmap for aspiring data scientists? How can individuals effectively utilize this roadmap to progress...
|
by: Sonnysonu |
last post by:
This is the data of csv file
1 2 3
1 2 3
1 2 3
1 2 3
2 3
2 3
3
the lengths should be different i have to store the data by column-wise with in the specific length.
suppose the i have to...
|
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
|
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers,...
|
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...
|
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows...
| |
