best software firewall?

Hm... Just the same that I'm fearing:

| 2.1 Verification
| The general problem of verifying type safety is undecidable

aka "verification does not work". So far, so good. And now?

| if a program passes verification it is
| guaranteed to satisfy prescribed safety properties

Of course. But these safety properties are doubtful, if there is pointer semantics.

| A bug in the Java bytecode verifier or Microsoft's
| JIT verifier can be exploited by a hostile program to
| circumvent all security measures

OMN! Java, too. Why didn't they implement a typing system in the interpreter, if everybody uses JIT compiling anyways?

It's not a bug, if a program verifies but is not secure. "This behaviour is by design", because the general problem of verifying type safety is undecidable.

Or is the simpler problem of the concrete verification process decidable? And how does this work, if there is pointer semantics? Does anybody know?

| 5.1 Checking Permissions
| ...
| .NET performs a similar stack walk with Frame
| objects representing the frames on the stack. To
| support multiple languages (including type unsafe
| languages like C++), the stack has frames that are
| managed and unmanaged. The managed frames are
| frames that are verified for type safety while the
| unmanaged frames have no safety guarantees.

This seems to be the answer: if there is pointer semantics, neither verification nor checking permissions will work. This means "bye-bye .NET security" for code, which uses unmanaged stack frames.

Does anybody know, when such code is usable?

BTW: very good paper, Duane! Sebastian, your fears, that .NET is as bad as ActiveX, seem to be causeless.

But even in this paper, the key points don't become clear:

For Java and .NET:

- how exactly does the verification process work

- can it guarantee type safety in verified code

- is this a decidable problem, what they designed (ridiculous, but we're talking about problems near the halting problem)

For .NET only:

- how does .NET handle not-typesafe code like every code with pointer semantics

- is there code running "trusted", but using "unmanaged stack frames" in .NET

- is there trusted code, which can use C++ interop

- how are the security checks done, CAS implements for flat API calls

See also:

formatting link
Unfortunately, there is not much information about these topics in MSDN.

Yours, VB.

Volker Birk
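
An added illustration, not part of the original thread and not JVM or CLR code: a verifier for a made-up stack machine (opcode and type names are assumptions) showing why the concrete check terminates even though the general problem is undecidable. It checks each instruction once against abstract types and rejects whatever it cannot prove, including a program whose bad instruction is never reached at run time.

```python
# Toy bytecode verifier for a hypothetical stack machine (illustration only).
INT, REF = "int", "ref"

# opcode -> (types popped, types pushed); "load" dereferences a reference.
EFFECTS = {
    "push_int": ((), (INT,)),
    "push_ref": ((), (REF,)),
    "add":      ((INT, INT), (INT,)),
    "load":     ((REF,), (INT,)),
    "jz":       ((INT,), ()),   # jump to operand if the popped int is zero
    "jmp":      ((), ()),
    "ret":      ((INT,), ()),
}

def verify(program):
    """Return (True, "ok") or (False, reason). Visits each pc at most once."""
    seen = {}                      # pc -> abstract stack recorded on first visit
    work = [(0, ())]
    while work:
        pc, stack = work.pop()
        if not 0 <= pc < len(program):
            return False, f"control flow leaves the code at pc={pc}"
        if pc in seen:
            if seen[pc] != stack:
                return False, f"inconsistent stack at merge point pc={pc}"
            continue               # already checked with this stack shape
        seen[pc] = stack
        op, *arg = program[pc]
        pops, pushes = EFFECTS[op]
        if len(stack) < len(pops) or (pops and stack[-len(pops):] != pops):
            return False, f"pc={pc}: {op} expects {pops}, stack is {stack}"
        stack = stack[:len(stack) - len(pops)] + pushes
        if op == "ret":
            continue
        if op in ("jz", "jmp"):    # branch target; values are ignored, only types count
            work.append((arg[0], stack))
        if op != "jmp":            # fall-through successor
            work.append((pc + 1, stack))
    return True, "ok"

# Constructed sample programs.
SAFE   = [("push_ref",), ("load",), ("push_int", 1), ("add",), ("ret",)]
FORGED = [("push_int", 4096), ("load",), ("ret",)]      # int used as a pointer
# jz always jumps here (0 was pushed), so pc 2-4 never run, yet pc 3 is rejected.
DEAD   = [("push_int", 0), ("jz", 5), ("push_int", 4096), ("load",), ("ret",),
          ("push_int", 7), ("ret",)]
```

The rejection of `DEAD` is the price of decidability: the verifier proves a stronger, checkable property than "never misbehaves at run time", so it is sound for this toy machine but turns away some programs that would in fact run safely.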

I would agree and so do others it would seem.

formatting link

Long

formatting link
Short

formatting link
Duane :)

Duane Arnold

formatting link
Can you cite, what you're referencing, please?

This does not result into the above URL.

Yours, VB.

Volker Birk

This paper seems not to be about .NET security, but about an extra sandbox implementation, which is not part of .NET. From it:

| Our sandbox is implemented as two security layers, one on top of the
| Windows API and one in the kernel.

Yours, VB.

Volker Birk

It also talks about using .NET Remoting as a proxy between managed and unmanaged code to enforce security between them.

Duane :)

Duane Arnold

This is not the topic.

Yours, VB.

Volker Birk

Yes, it is the topic. *NET is not secure* is the topic. The contents of the topic cannot be what you want it to be. As a matter of fact, even I have learned something from that article if I have to write secure .NET applications that deal with managed and unmanaged code in a solution.

Duane :)

Duane Arnold

We're talking about whether .NET is secure, not how to secure it in spite of being insecure.

I'm very interested in finding answers to my questions, though. Do you have some?

Yours, VB.

Volker Birk

The bottom line is .NET is secure when it comes to running programs that are under the control of .NET, managed code. .NET has no control of unmanaged code. However, .NET has some control of unmanaged code when it comes to initiating/running unmanaged code in a .NET solution. And one can protect .NET objects by using a proxy.

You're not going to find anything else about it. If we as Human Beings were perfect, then everything we do I would expect to be perfect. We are not perfect.

It is what it is, and I for one, I am not going to be too concerned about the security of .NET.

Duane :)

Duane Arnold

Is this true? Duane, I think, you cannot or don't want to help me. What's with other people here?

Of course.

Yours, VB.

Volker Birk

It's not that I don't want to help you. I have taken you as far as I can take you. You'll have to cross the rest of the road yourself.

I suggest you find a .NET NG, as I don't think anyone here is really going to know the ins and outs of .NET.

Of course this is true.

I wish you the best of luck on this endeavor.

Duane :)

Duane Arnold

OK. Thanx a lot! ;-)

Hm... I'll consider that.

Yours, VB.

Volker Birk
