This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "RuntimeMethodHandle.GetFunctionPointer() doesn't demand UnmanagedCode Security Permission"
Dinis.cruz (talk | contribs) |
Dinis.cruz (talk | contribs) |
||
Line 62: | Line 62: | ||
I did attempt searching in [http://msdn.microsoft.com/netframework/programming/breakingchanges/default.aspx Breaking Changes in .NET Framework 2.0] for this but since there is not search funcionality in there I gave up | I did attempt searching in [http://msdn.microsoft.com/netframework/programming/breakingchanges/default.aspx Breaking Changes in .NET Framework 2.0] for this but since there is not search funcionality in there I gave up | ||
+ | |||
+ | |||
+ | [[Category:OWASP .NET Project]] |
Revision as of 20:38, 18 July 2006
According to the official documentation the System RuntimeMethodHandle.GetFunctionPointer Method requires "SecurityPermission for the ability to call unmanaged code. Associated enumeration: SecurityPermissionFlag.UnmanagedCode" (for 1.1 see RuntimeMethodHandle.GetFunctionPointer Method for 2.0 see RuntimeMethodHandle.GetFunctionPointer Method)
Using Reflector we can see that in 1.1 this is enforced by a declarative Security Demand:
[SecurityPermission(SecurityAction.Demand, UnmanagedCode=true)] public IntPtr GetFunctionPointer() { return RuntimeMethodHandle.InternalGetFunctionPointer(this.m_ptr); }
but in 2.0 there is no security demand:
[MethodImpl(MethodImplOptions.InternalCall)] public extern IntPtr GetFunctionPointer();
This means that this code works in a 2.0 Partial Trust environment:
using System; using System.Reflection;
namespace Owasp { public class GetFunctionPointer { public static void Main() { Type tType = Type.GetType("Owasp.GetFunctionPointer"); //("System.String"); MethodInfo[] miMethods = tType.GetMethods(); foreach (MethodInfo mi in miMethods) { Console.WriteLine(mi.Name + " : " + Convert.ToString(mi.MethodHandle.GetFunctionPointer().ToInt64(),16)); } Console.WriteLine("\n\n---------------\n\n"); Console.ReadLine(); //MethodInfo mi = new MethodInfo() } } }
output:
Z:\>GetFunctionPointer.exe Main : c80070 GetType : 79690ccc ToString : 9127cc Equals : 9127e0 GetHashCode : 9127f4
i.e. it worked!
Where in 1.1, the same code throws (as expected) a security exception:
Unhandled Exception: System.Security.SecurityException: Request for the permisson of type System.Security.Permissions.SecurityPermission, mscorlib, Version=1..5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 failed. at System.Security.CodeAccessSecurityEngine.CheckTokenBasedSetHelper(Boolean ignoreGrants, TokenBasedSet grants, TokenBasedSet denied, TokenBasedSet demands at System.Security.CodeAccessSecurityEngine.CheckSetHelper(PermissionSet grants, PermissionSet denied, PermissionSet demands) at System.RuntimeMethodHandle.GetFunctionPointer() at Owasp.GetFunctionPointer.Main()
The state of the failed permission was: <IPermission class="System.Security.Permissions.SecurityPermission, mscorlib, Vrsion=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" version="1" Flags="UnmanagedCode"/>
I did attempt searching in Breaking Changes in .NET Framework 2.0 for this but since there is not search funcionality in there I gave up