The fine print of StrongNameIndentityPermission

The benefits and limitations of using StrongNameIdentityPermission has been covered in several posts on the net:

One thing that they don’t mention, which most people might think is obvious, is that StrongNameIdentityPermission means nothing when calling the managed code from unmanaged code. Since umanaged code can’t be signed (at least not in the same meaning as managed code can) it isn’t too surprising. What is a bit surprising might be that the call into the assembly is permitted. I was hoping that the magic in the .Net framework would put a stop to it all. No such luck!

This means that someone who wants to circumvent the access control doesn’t have to bother with delayed signing and extracting the public key from the ‘protected’ assembly. It also means that the ‘attacker’ doesn’t have to be able to write to the GAC, only read from it (something all users have permission to do). Writing unmanaged code that calls managed code isn’t too difficult.

Leave a comment