[Mono-list] IntPtr safety (was: need some help with PInvoke..)
David Jeske
jeske@chat.net
Thu, 10 Jul 2003 15:42:14 -0700
Looks like my PInvoke and Marshaling lesson is done. Thanks again for
the great help! This post is just a few general discussion comments on
IntPtr wrt VB and Security.
On Thu, Jul 10, 2003 at 02:13:33PM -0400, Jonathan Pryor wrote:
> Well, to speak on .NET's behalf, .NET has a highly flexible security
> system. You can't invoke DllImported functions unless your app has the
> appropriate security rights -- generally, that the app is running on the
> local machine. If you're running it from a network share, or from a web
> site (similar to Java Applets), then your app will get a
> SecurityException.
Is there a way to disallow an assembly from calling any function which
takes an IntPtr parameter or void* parameter? It seems to me that this
would be required to stop sandboxed code from segfaulting the
system. Otherwise I can just hand an HWND IntPtr I get from "secure
ok" S.W.F code, and hand it to "secure ok" Gtk code, and poof. :)
> > - If I want to reference the data in-place in unmanaged memory, I use
> > an unsafe struct and a struct pointer.
> >
> > - Since an IntPtr is basically a void*, I don't see why I would ever
> > use it, unless the external call actually takes a void*.
>
> You would use it if you need to expose the member to languages other
> than C#/C++. For example, Visual Basic has no syntax for "unsafe" code,
> and thus you couldn't use Visual Basic to perform your 2nd option. If
> you want your code to be usable by other languages, you'll need to
> provide an appropriate wrapper.
I guess this is my confusion. HWND* is _safer_ than IntPtr, because it
is a pointer to a specific type. It's the operations on HWND* that are
unsafe. It seems like it would be better if VB (and other languages
without unsafe) had the ability to express HWND*, and simply not
operate on it.
Certainly this:

    .field public valuetype HDF* p

is better than this:

    .field public native int p

Oh well... maybe it'll get in the queue for .NET 2.0, although I'm
much more excited about parametric types than I am worried about this.
--
David Jeske (N9LCA) + http://www.chat.net/~jeske/ + jeske@chat.net
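
The typed-versus-untyped handle point discussed in the message above, as an added C# example that is not part of the original post or of Mono's code. The names Hwnd, GtkWidgetPtr, UntypedBinding and TypedBinding are hypothetical, the handle values are constructed, and the "native" functions are managed stand-ins so that nothing unmanaged is called.

```csharp
using System;

// Opaque typed handles: each wraps a native int but is a distinct compile-time type.
public readonly struct Hwnd
{
    private readonly IntPtr raw;
    internal Hwnd(IntPtr raw) { this.raw = raw; }
    internal IntPtr Raw => raw;   // meant to be unwrapped only by the binding layer
}

public readonly struct GtkWidgetPtr
{
    private readonly IntPtr raw;
    internal GtkWidgetPtr(IntPtr raw) { this.raw = raw; }
    internal IntPtr Raw => raw;
}

// Hypothetical stand-in for a binding that exposes bare IntPtr values.
public static class UntypedBinding
{
    public static IntPtr GetWindowHandle() => new IntPtr(0x1234);   // constructed value
    public static string ShowWidget(IntPtr widget) => "gtk call with 0x" + widget.ToString("x");
}

// Hypothetical stand-in for a binding that exposes typed handles instead.
public static class TypedBinding
{
    public static Hwnd GetWindowHandle() => new Hwnd(new IntPtr(0x1234));
    public static GtkWidgetPtr NewWidget() => new GtkWidgetPtr(new IntPtr(0x5678));
    public static string ShowWidget(GtkWidgetPtr widget) => "gtk call with 0x" + widget.Raw.ToString("x");
}

public static class Program
{
    public static void Main()
    {
        // Untyped: a window handle is accepted where a widget pointer is expected.
        IntPtr hwnd = UntypedBinding.GetWindowHandle();
        Console.WriteLine(UntypedBinding.ShowWidget(hwnd));

        // Typed: the same mix-up is rejected by the compiler.
        Hwnd typedHwnd = TypedBinding.GetWindowHandle();
        // TypedBinding.ShowWidget(typedHwnd);   // error CS1503: cannot convert from 'Hwnd' to 'GtkWidgetPtr'
        Console.WriteLine(TypedBinding.ShowWidget(TypedBinding.NewWidget()));
    }
}
```

The wrappers need no unsafe syntax, so a language without pointer support can hold and pass them without being able to operate on the raw value, provided the binding layer lives in its own assembly so that the internal members stay out of reach.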