[Mono-list] security issue with UM code??

Sebastien Pouliot sebastien.pouliot at gmail.com
Tue Oct 25 13:19:47 EDT 2005

Hello Sanjay,

On Tue, 2005-10-25 at 09:54 -0700, itsme notyou wrote:
> MSDN says :   " When parameters are passed by reference, a pointer to
> the parameters on the managed heap is passed to the unmanaged code.
> Since the unmanaged code receives a pointer, it is possible for the
> method to modify the data held on the managed heap.  "
> So the intermediate Unmanaged representation is omitted (unless
> manually specified and alloced on unmanaged memory for complex types)
> and UM code operates diectly on managed heap. 
> Wont this give privileges to the unmanaged code to possibly corrupt
> the heap??  And since the call  is in the same thread, UM code can
> easily corrupt the managed heap.

Yes but from a security point of view all bets are off when you use
unmanaged code.

That's why there's an UnmanagedCode permission in CAS (Code Access
Security) to disallow managed code from calling native code. Sadly once
native code is called nothing can guarantee the security manager (or any
other structure/data) integrity.
> My managed heap seems overwritten (very subtly changed) and am unable
> to point it to the culprit....I am guessing that the above is
> happening. Any clue?
> -
> Sanjay.
> _______________________________________________
> Mono-list maillist  -  Mono-list at lists.ximian.com
> http://lists.ximian.com/mailman/listinfo/mono-list

More information about the Mono-list mailing list