Hi,

If I provide Evidence to the .NET Framework on which code group my assembly belongs to, couldn't I provide false evidence stating that I belong in the Trusted Zone code group?

I know what security policies and permission sets are, but I don't understand how the framework checks the Evidence and then, based on that evidence, determines the code group.

Any explanation would be appreciated.

Thanks :)

A: 

The evidence can be assembly strong name, code base and other stuff. It certainly can verify that stuff. You manually trust assemblies based on the evidence. Basically, you tell the framework: if an assembly has the following properties, grant it that permission set. I don't see a way you could provide false evidence. Can you provide an example?

PS. Yes, you could, for example, steal someone's key pair and sign your assembly with that. Like any other security system, it relies on a trust chain. If you break a part of the chain, you've screwed up. There's no real way you could circumvent this stuff in a security system. After all, you could compromise the system with a buffer overflow or something and add your assembly to the full trust list.

Mehrdad Afshari
If assemblies are trusted based on the evidence they provide, can't they provide false evidence? I.e., I can provide evidence in my assembly that I belong to the LocalIntranet when I really don't. This way my assembly gets more privileges when it runs.
Vince
How could you do that? You either have to register your assembly in LocalIntranet or run it from a location trusted as LocalIntranet. Evidence is not really queried from the assembly. It's in their identity.
Mehrdad Afshari
A: 

The various BCL methods that allow a caller to provide evidence are themselves protected by permission demands. The caller will usually require at least SecurityPermission\ControlEvidence, but often an unrestricted permission grant (aka "full trust") is needed. (Since SecurityPermission\ControlEvidence is only granted to locally installed code under default CAS policy, there is little practical difference in most situations.) The end result is that only highly trusted code can affect the permission grant of any given assembly by controlling its evidence.

If you think that you've found an exception to this general rule, could you please provide the details?

Nicole Calinoiu
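
The rule described in the answer above, as an added example that is not part of the original answers or of Microsoft's code. It assumes .NET Framework 2.0 to 3.5 with default CAS policy; the class and method names are hypothetical, and `Deny()` is used to model a caller whose grant lacks ControlEvidence.

```csharp
using System;
using System.Reflection;
using System.Security;
using System.Security.Permissions;
using System.Security.Policy;

// Hypothetical demo class; assumes .NET Framework 2.0-3.5 and default CAS policy.
static class EvidenceDemo
{
    // Policy maps evidence to a grant set. The evidence comes from the host
    // or loader (where the assembly was loaded from), not from the assembly.
    static PermissionSet GrantFor(SecurityZone zone)
    {
        Evidence evidence = new Evidence();
        evidence.AddHost(new Zone(zone));
        return SecurityManager.ResolvePolicy(evidence);
    }

    // Models a caller without ControlEvidence: Deny() makes every demand for
    // that permission fail for code called from this frame.
    static bool CanSupplyOwnEvidence()
    {
        new SecurityPermission(SecurityPermissionFlag.ControlEvidence).Deny();
        try
        {
            LoadWithClaimedZone(SecurityZone.MyComputer);
            return true;
        }
        catch (SecurityException) { return false; } // the BCL's demand failed
        finally { CodeAccessPermission.RevertDeny(); }
    }

    // The overload that accepts caller-supplied evidence is the protected entry point.
    static void LoadWithClaimedZone(SecurityZone zone)
    {
        Evidence claimed = new Evidence();
        claimed.AddHost(new Zone(zone));
        Assembly.Load(Assembly.GetExecutingAssembly().FullName, claimed);
    }

    static void Main()
    {
        Console.WriteLine("Internet unrestricted:   " + GrantFor(SecurityZone.Internet).IsUnrestricted());
        Console.WriteLine("MyComputer unrestricted: " + GrantFor(SecurityZone.MyComputer).IsUnrestricted());
        Console.WriteLine("Caller lacking ControlEvidence can supply evidence: " + CanSupplyOwnEvidence());
    }
}
```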