Welcome to MSDN Blogs Sign in | Join | Help

October 2004 - Posts

Wednesday, October 27, 2004 11:47 AM

David Starts Blogging

David Notario has started up a blog ... he's one of the x86 JIT devs, and (since his office is right next door), is always the guy I go to when I need an issue about how the x86 JIT or the x86 JIT verifier works. His first post covers the phases of JIT
Posted by shawnfa | 1 Comments
Filed under:
Tuesday, October 26, 2004 1:58 PM

Easily Creating a StrongNameMembershipCondition for an Assembly

Taking a break from sandboxing in an AppDomain for a minute, lets take a look at another aspect of policy. One situation that comes up very frequently when trying to execute code in a limited-trust sandbox is that there are some assemblies that you do
Posted by shawnfa | 3 Comments
Filed under: , ,
Monday, October 25, 2004 12:28 PM

Creating an AppDomain with limited permissions

Oftentimes in an application, it's necessary to run untrusted code. The CLR lets you do this safely by placing the code in its own AppDomain and sandboxing the AppDomain to have a limited set of permissions. Usually setting up the AppDomain with the Internet
Posted by shawnfa | 10 Comments
Filed under: , ,
Friday, October 22, 2004 5:42 PM

Getting the Current Permissions in a Named Permission Set

There are several named permission sets defined by default in the CLR security policy: FullTrust SkipVerification Execution Nothing LocalIntranet Internet Everything These sets are used to create the default policy, however there's nothing stopping any
Posted by shawnfa | 5 Comments
Filed under: ,
Thursday, October 21, 2004 2:36 PM

The Locations of the Other Policy Levels

On Monday I wrote about how to recover CasPol to a usable state , if you've modified the security policy to disallow CasPol permission to run. My instructions included deleting %WINDIR%\Microsoft.Net\Framework\v x.y.zzzz \config\Security.config and Security.cch.
Posted by shawnfa | 0 Comments
Tuesday, October 19, 2004 9:34 AM

I'm Published!

The November 2004 issue of MSDN magazine is available online now, and it includes the first article I've ever had published. I co-authored this month's Trustworthy Code article, Exchange Data More Securely with XML Digital Signatures and Encryption with
Posted by shawnfa | 4 Comments
Filed under: , ,
Monday, October 18, 2004 12:01 PM

What to do when CasPol throws SecurityExceptions

CasPol is written in managed code, and as such is subject to the CLR's security policy system just like any other piece of managed code. Generally this is not a problem for it, since it is granted FullTrust by two separate code groups in the default policy,
Posted by shawnfa | 5 Comments
Filed under: ,
Friday, October 15, 2004 10:06 AM

Grunk Posts on File Canonicalization for FileIOPermission

Brian Grunnkmeyer recently posted a good piece on how FileIOPermission deals with file and path canonicalization. Brian wrote a large chunk of the base class library , and contributed to the SLAR . Its a good read if you want to know how FileIOPermission
Posted by shawnfa | 1 Comments
Filed under: ,
Thursday, October 14, 2004 5:46 PM

Does StrongNameSignatureVerificationEx Cache Registry Lookup Results?

I received a question recently about my post on Checking for a Valid Strong Name Signature . The person who was using the code I presented there to run some tests under NUnit . The format of the tests was to use the Microsoft.Win32.Registry classes to
Posted by shawnfa | 2 Comments
Filed under:
Wednesday, October 06, 2004 3:20 PM

Replacing Calc with Calculator Plus

On my home machine, and one of my office machines I log in as a normal user , and only elevate to an account with admin status when installing software, or doing other maintenance. Needless to say, doing that creates problems with various programs that
Posted by shawnfa | 11 Comments
Filed under:
Tuesday, October 05, 2004 2:11 PM

Mike Stall's (Relatively)New Debugger Blog

Mike Stall is one of the devs on our base services team, and his focus is on managed debugging. I played football with Mike 4 flag football seasons back, but generally don't need to work directly with him since the debugger and security don't have very
Posted by shawnfa | 1 Comments
Friday, October 01, 2004 1:33 PM

The Return of ManagedStrongName: Key Containers

(updated 12/3/04, pointed to the newly refactored source ) It's been nearly two months since the last update to my managed sn.exe port , so its long-past overdue for some new features. This update implements the various key container features that are
Posted by shawnfa | 0 Comments
 
Page view tracker