views: 207
answers: 4

I just answered a question where I said that while string interning is good, it can be a security problem since a string's value can be easily accessed later on.

And while I'm quite sure this is true :-) I am not sure how easy it really is. I tried googling the topic but I got no relevant results (the google-fu is weak in this one), so then I try you folks on SO.

Do you know of any "easy" way to access the list of interned strings in an app domain? Must I use memory dumps and that stuff or is there a method like AppDomain.GetInteredStringsList()?

And related to that: How easy is it really to get any useful data from interned strings? Is it really a security hole to store sensitive data in strings?

+6  A: 

It's not particularly easy - but it's doable.

Basically, if you've got anything which can take a memory dump, you could find bits of memory which look like they're string objects. (In particular, they'll all have the same "pointer to type information" at the start, so if you've got a sample string, you're away.)

By the way, this has little to do with interned strings. It's not like all strings are interned - only string constants, and strings which the user explicitly interns.

Jon Skeet
references don't have pointer to type information, objects have that info in their object header.
Pop Catalin
Sorry, that's what I meant - bits of memory which *are* strings. I'll edit the answer.
Jon Skeet
... and strings you use `switch` on, even if they don't match one of the cases. I guess this falls under "explicitly interns" though it isn't as explicit as explicitly doing it ;)
Lasse V. Karlsen
How are you switching on them if they're not literals? I suppose "string constants" is slightly more correct... I'll edit it to that.
Jon Skeet
I don't see many cases where the developer would explicitly intern a string unless he is extremely focused on memory usage. Do you have any examples where it would be natural to use it?
Rune Grimstad
Not unless you were using it to canonicalise a mapping. It is indeed pretty rare.
Jon Skeet
+1  A: 

In a sensible application passwords are stored in character arrays so that they can be overwritten when they are not needed anymore.

Bombe
Do you have any examples of how you would do this? I don't see how you would do it using a password input box or an asp.net login form.
Rune Grimstad
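For the console case, the overwritable-buffer approach from the answer above can look like the following; this is an added example, not code from any of the posters. It assumes a .NET 6+ console app, the names `PasswordBufferDemo` and `ReadPassword` are hypothetical, and the salt and iteration count are constructed for the demo.

```csharp
using System;
using System.Runtime.InteropServices;
using System.Security.Cryptography;
using System.Text;

static class PasswordBufferDemo
{
    const int MaxLen = 128;
    // Fills a caller-owned buffer key by key; this code never builds a System.String from the keystrokes.
    static int ReadPassword(char[] buf)
    {
        int len = 0;
        while (true)
        {
            ConsoleKeyInfo key = Console.ReadKey(intercept: true); // intercept: do not echo
            if (key.Key == ConsoleKey.Enter) return len;
            if (key.Key == ConsoleKey.Backspace) { if (len > 0) buf[--len] = '\0'; }
            else if (len < buf.Length && !char.IsControl(key.KeyChar)) buf[len++] = key.KeyChar;
        }
    }
    static void Main()
    {
        var chars = new char[MaxLen];
        var bytes = new byte[Encoding.UTF8.GetMaxByteCount(MaxLen)];
        // Pin both buffers so the GC cannot relocate them and leave stale copies behind.
        GCHandle hChars = GCHandle.Alloc(chars, GCHandleType.Pinned);
        GCHandle hBytes = GCHandle.Alloc(bytes, GCHandleType.Pinned);
        try
        {
            Console.Write("Password: ");
            int len = ReadPassword(chars);
            Console.WriteLine();
            int n = Encoding.UTF8.GetBytes(chars, 0, len, bytes, 0);
            byte[] salt = RandomNumberGenerator.GetBytes(16); // constructed for the demo
            // Only the derived key is kept; a real app would compare it to a stored hash.
            byte[] key = Rfc2898DeriveBytes.Pbkdf2(
                bytes.AsSpan(0, n), salt, 100_000, HashAlgorithmName.SHA256, 32);
            Console.WriteLine("Derived key: " + Convert.ToHexString(key));
        }
        finally
        {
            // Overwrite the plaintext whether or not an exception occurred.
            Array.Clear(chars, 0, chars.Length);
            CryptographicOperations.ZeroMemory(bytes);
            hChars.Free();
            hBytes.Free();
        }
    }
}
```

A `string` cannot be handled this way because it is immutable: once the password exists as a `string`, its characters stay on the managed heap until the garbage collector reclaims and the memory is reused.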
+2  A: 

Is it really a security hole to store sensitive data in strings?

Yes, definitely yes!

Sensitive security data should be stored using the SecureString class.

Edit:

Because even interned strings are stored in the managed heap, using a tool to dump the heap will reveal all strings in the application.

Pop Catalin
SecureString is not considered secure. For example, some of the live debugging tools (Hawkeye, sosassist, etc) can read them.
Marc Gravell
@Marc nothing is secure; if you know how to read it, you can read any encrypted strings if you know the encryption scheme.
Pop Catalin
Debug tools have access to extra kernel objects and have extra privileges; normal processes don't, even under an admin account, and can't read SecureStrings.
Pop Catalin
But since we are talking about people snooping into a process or dump, such concerns are entirely relevant. If we weren't talking about such snooping, `string` would be plenty secure.
Marc Gravell
+1  A: 

Not impossible to do... although not necessarily through managed code. Anything that has access to a process dump (WinDbg / SOS / etc.) will have no difficulty looking for strings.

Marc Gravell