Hi Jeroen,

OK, it seems I've missed something, but I just tried to answer the question "why SkipVerification is considered more dangerous than UnmanagedCode?" and I'll add just one thing to my previous reply: Microsoft tests if their compilers (C# and VB.NET, I know they don't do such tests on MC++) produce verifiable code. What is verifiable I don't know. I just know that if either compiler fails to produce such code, MS takes that as a severe bug and fixes the compiler. So it is obvious that unverifiable code (similar to unverified code) can do something very dangerous, whatever it may be. I'm not familiar with Rotor as much as I wish, so I can't say anything more.

And "why SkipVerification is not included in Everything" is a question which could be answered by some Microsoft guy, paying attention to this list.

Stoyan

-----Original Message-----
From: Jeroen Frijters [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 16, 2002 2:07 PM
To: [EMAIL PROTECTED]
Subject: Re: [ADVANCED-DOTNET] CAS: what's the diff between FullTrust and Everything permission sets?

I have said this before, but I will say it again. From a security standpoint there is *no* difference between allowing code to skip verification or to call unmanaged code. If code has either of these two permissions, it can do whatever it wants on your system (limited, of course, by the rights of the user that runs the process).

I don't think there is any good reason why SkipVerification is not included in Everything. BTW, there are more permissions that effectively give you full control over the system.

Regards,
Jeroen

> -----Original Message-----
> From: Moderated discussion of advanced .NET topics.
> [mailto:[EMAIL PROTECTED]] On Behalf Of Stoyan Damov
> Sent: Monday, September 16, 2002 10:51
> To: [EMAIL PROTECTED]
> Subject: Re: [ADVANCED-DOTNET] CAS: what's the diff between FullTrust
> and Everything permission sets?
>
> If you use unmanaged code, you're in control -- you can do whatever
> you wish. You can or cannot do harm, it's your call.
> Skipping verification means that the JITCompiler function in
> MSCorEE.dll (Microsoft Component Object Runtime Execution Engine)
> will not verify the IL code before it translates it into the target
> CPU architecture's assembly instructions and execute it. This will
> eventually skip to check the security permissions of the code, so it
> is the machine administrator's responsibility to uncheck this option
> in the .NET framework configuration MMC console.
>
> Does this help?
>
> Stoyan Damov
>
> P.S. Read Jeffrey Richter's book for better explanation.
>
> -----Original Message-----
> From: Shawn A. Van Ness [mailto:[EMAIL PROTECTED]]
> Sent: Monday, September 16, 2002 8:59 AM
> To: [EMAIL PROTECTED]
> Subject: Re: [ADVANCED-DOTNET] CAS: what's the diff between FullTrust
> and Everything permission sets?
>
> Umm... yes, Valery -- that was part of my original question (still
> unanswered). Does anyone know why SkipVerification is considered more
> dangerous than UnmanagedCode?
>
> > 2) Why doesn't the Everything permset include the SkipVerification
> > permission? Isn't UnmanagedCode more dangerous than
> > SkipVerification?
>
> -S
>
> On Wed, 4 Sep 2002 10:19:59 +0200, Valery Pryamikov
> <[EMAIL PROTECTED]> wrote:
>
> >Just in addition to previous posts to this thread:
> >
> >Everything PS is a set of standard permissions without skip
> >verification (which is not allowed by default Everything PS).
> >
> >-Valery.
> >
> >You can read messages from the Advanced DOTNET archive, unsubscribe
> >from Advanced DOTNET, or subscribe to other DevelopMentor lists at
> >http://discuss.develop.com.