[Mono-bugs] [Bug 75786][Wis] Changed - Mono strong naming loader will load assemblies that do not match manifest

bugzilla-daemon at bugzilla.ximian.com
Thu Aug 11 23:57:15 EDT 2005


Please do not reply to this email- if you want to comment on the bug, go to the
URL shown below and enter your comments there.

Changed by sebastien at ximian.com.

http://bugzilla.ximian.com/show_bug.cgi?id=75786

--- shadow/75786	2005-08-11 16:21:08.000000000 -0400
+++ shadow/75786.tmp.30480	2005-08-11 23:57:15.000000000 -0400
@@ -1,16 +1,16 @@
 Bug#: 75786
 Product: Mono: Runtime
 Version: 1.1
 OS: unknown
 OS Details: 
-Status: NEW   
-Resolution: 
+Status: RESOLVED   
+Resolution: WONTFIX
 Severity: Unknown
-Priority: Major
-Component: JIT
+Priority: Wishlist
+Component: misc
 AssignedTo: mono-bugs at ximian.com                            
 ReportedBy: Paul.Betts at Gmail.com               
 QAContact: mono-bugs at ximian.com
 TargetMilestone: ---
 URL: 
 Cc: 
@@ -68,6 +68,33 @@
     Hello World!    # but it doesn't
                     # theDll_new.dll could format your HD or something
 
 ------- Additional Comments From Paul.Betts at Gmail.com  2005-08-11 16:21 -------
 (Attachment is a .tar.bz2 by the way, for some reason, Bugzilla saves
 it as attachment.cgi)
+
+------- Additional Comments From sebastien at ximian.com  2005-08-11 23:57 -------
+Current versions of Mono only use strongnames for configuration
+purposes (i.e. GAC) and not for security.
+
+One of the main reasons is that anyone, with some local file access,
+can modify an assembly (e.g. dis/asm to remove strongname
+restrictions, remove/replace the original in the GAC). So the security
+of the strongnames aren't very revelant when running in FullTrust
+[1][2] and actually (and until CAS is completed) Mono only works with
+FullTrust.
+
+I understand your main point (the name inside the assembly manifest)
+isn't about the strongname signature (and a partial fix could be done
+to "solve" this specific case), however from a security point of view
+this is the exact same problem. So yes this is an hazard, but
+strongnames don't solve that under fulltrust.
+
+[1] E.g. MS runtime doesn't check the strongname signature for
+assemblies inside the GAC (gacutil does). This is great for
+performance but it's easy, with write access, to add/remove files from
+the GAC manually (hence bypassing the signature verification process).
+
+[2] This is one the reason why identity permissions (e.g.
+StrongNameIdentityPermission) won't be evaluated in FullTrust by MS
+2.x CLR (i.e. it was a performance problem and it didn't really help
+security).
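Review bot: the comment concedes at "a partial fix could be done to 'solve' this specific case" that the manifest-name mismatch is a separate check from strong-name signature verification, yet the same change resolves the bug WONTFIX without recording why that partial fix (rejecting an assembly whose manifest name does not match the requested name) is not being taken; adding that reason to the comment would make the resolution self-explanatory for the reporter. Minor wording in the added comment: "revelant" should be "relevant", "an hazard" should be "a hazard", and "one the reason" should be "one of the reasons".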

