This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

RuntimeMethodHandle.GetFunctionPointer() doesn't demand UnmanagedCode Security Permission

From OWASP
Revision as of 20:38, 18 July 2006 by Dinis.cruz (talk | contribs)

Jump to: navigation, search

According to the official documentation the System RuntimeMethodHandle.GetFunctionPointer Method requires "SecurityPermission for the ability to call unmanaged code. Associated enumeration: SecurityPermissionFlag.UnmanagedCode" (for 1.1 see RuntimeMethodHandle.GetFunctionPointer Method for 2.0 see RuntimeMethodHandle.GetFunctionPointer Method)

Using Reflector we can see that in 1.1 this is enforced by a declarative Security Demand: 

[SecurityPermission(SecurityAction.Demand, UnmanagedCode=true)]
public IntPtr GetFunctionPointer()
{
     return RuntimeMethodHandle.InternalGetFunctionPointer(this.m_ptr);
}

but in 2.0 there is no security demand: 

[MethodImpl(MethodImplOptions.InternalCall)]
public extern IntPtr GetFunctionPointer();

This means that this code works in a 2.0 Partial Trust environment: 

using System;
using System.Reflection;

namespace Owasp
{
   public class GetFunctionPointer
   {
       public static void Main()
       {
           Type tType = Type.GetType("Owasp.GetFunctionPointer"); //("System.String");
           MethodInfo[] miMethods = tType.GetMethods();
           foreach (MethodInfo mi in miMethods)
           {
               Console.WriteLine(mi.Name + " : " +  Convert.ToString(mi.MethodHandle.GetFunctionPointer().ToInt64(),16));
           }
           Console.WriteLine("\n\n---------------\n\n");
           Console.ReadLine();
           //MethodInfo mi = new MethodInfo()
       }
   }
}

output: 

Z:\>GetFunctionPointer.exe
Main : c80070
GetType : 79690ccc
ToString : 9127cc
Equals : 9127e0
GetHashCode : 9127f4

i.e. it worked!

Where in 1.1, the same code throws (as expected) a security exception: 

Unhandled Exception: System.Security.SecurityException: Request for the permisson of type System.Security.Permissions.SecurityPermission, mscorlib, Version=1..5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 failed.  
   at  System.Security.CodeAccessSecurityEngine.CheckTokenBasedSetHelper(Boolean ignoreGrants, TokenBasedSet grants, TokenBasedSet denied, TokenBasedSet demands 
   at System.Security.CodeAccessSecurityEngine.CheckSetHelper(PermissionSet grants, PermissionSet denied, PermissionSet demands) 
   at System.RuntimeMethodHandle.GetFunctionPointer()  
   at Owasp.GetFunctionPointer.Main()

The state of the failed permission was:
<IPermission class="System.Security.Permissions.SecurityPermission, mscorlib, Vrsion=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" version="1"             Flags="UnmanagedCode"/>

I did attempt searching in Breaking Changes in .NET Framework 2.0 for this but since there is not search funcionality in there I gave up

Retrieved from "https://wiki.owasp.org/index.php?title=RuntimeMethodHandle.GetFunctionPointer()_doesn%27t_demand_UnmanagedCode_Security_Permission&oldid=7539"