[Mono-list] security issue with UM code??
Sebastien Pouliot
sebastien.pouliot at gmail.com
Tue Oct 25 13:19:47 EDT 2005
Hello Sanjay,
On Tue, 2005-10-25 at 09:54 -0700, itsme notyou wrote:
> MSDN says : " When parameters are passed by reference, a pointer to
> the parameters on the managed heap is passed to the unmanaged code.
> Since the unmanaged code receives a pointer, it is possible for the
> method to modify the data held on the managed heap. "
>
> So the intermediate Unmanaged representation is omitted (unless
> manually specified and alloced on unmanaged memory for complex types)
> and UM code operates diectly on managed heap.
>
> Wont this give privileges to the unmanaged code to possibly corrupt
> the heap?? And since the call is in the same thread, UM code can
> easily corrupt the managed heap.
Yes but from a security point of view all bets are off when you use
unmanaged code.
That's why there's an UnmanagedCode permission in CAS (Code Access
Security) to disallow managed code from calling native code. Sadly once
native code is called nothing can guarantee the security manager (or any
other structure/data) integrity.
> My managed heap seems overwritten (very subtly changed) and am unable
> to point it to the culprit....I am guessing that the above is
> happening. Any clue?
>
> -
> Sanjay.
> _______________________________________________
> Mono-list maillist - Mono-list at lists.ximian.com
> http://lists.ximian.com/mailman/listinfo/mono-list
More information about the Mono-list
mailing list