> Now to do this he still needs admin access... Even that can be done, abeit there isnt (to my knowledge) an automajic way of doing it (somebody will figure out a way) but there is a Black Hole in the way windows works that lets a users privilages be elevated.
-------- Steven H > -----Original Message----- > From: Moderated discussion of advanced .NET topics. > [mailto:ADVANCED-DOTNET@;DISCUSS.DEVELOP.COM] On Behalf Of > Jason Whittington > Sent: Tuesday, 22 October 2002 11:45 a.m. > To: [EMAIL PROTECTED] > Subject: Re: tamper proof assembly question > > > > One of the worst case scenarios would be for someone to > ship a hacked > > mscorlib then somehow run sn.exe on the deployment machine > to turn off > > verification checking on mscorlib. There are 3 problems the bad guy > has to > > overcome: > > > > 1. getting the fake mscorlib onto the machine > > 2. getting sn.exe onto the machine (it only ships with the > sdk and not > the > > redist) > > 3. running the application (sn.exe) under an admin account > > > #2 isn't really a problem - it's not like SN -Vr does much > beyond setting a registry key. So all hacker X has to do is > get that reg key set. Now to do this he still needs admin access... > > Jason > > You can read messages from the Advanced DOTNET archive, > unsubscribe from Advanced DOTNET, or subscribe to other > DevelopMentor lists at http://discuss.develop.com. > You can read messages from the Advanced DOTNET archive, unsubscribe from Advanced DOTNET, or subscribe to other DevelopMentor lists at http://discuss.develop.com.
