WebApp Sec mailing list archives

Re: [Full-disclosure] 4 Questions: Latest IE vulnerability, Firefox vs IE security, User vs Admin risk profile, and browsers coded in 100% Managed Verifiable code

From: Valdis.Kletnieks () vt edu
Date: Sat, 25 Mar 2006 21:25:42 -0500

On Sat, 25 Mar 2006 11:39:19 GMT, Dinis Cruz said:

Finally, you might have noticed that whenever I talked about 'managed
code', I mentioned 'managed and verifiable code', the reason for this
distinction, is that I discovered recently that .Net code executed under
Full Trust  can not be (or should not be) called 'managed code', since
the .Net Framework will not verify that code (because it is executed
under Full Trust). This means that I can write MSIL code which breaks
type safety and execute it without errors in a Full Trust .Net environment.


I'm not sure which is stronger at the moment, the "that's scary" implications
or the "why did they *bother*?" implications....

Attachment: _bin
Description:

Current thread:

4 Questions: Latest IE vulnerability, Firefox vs IE security, User vs Admin risk profile, and browsers coded in 100% Managed Verifiable code Dinis Cruz (Mar 25)
- RE: 4 Questions: Latest IE vulnerability, Firefox vs IE security, User vs Admin risk profile, and browsers coded in 100% Managed Verifiable code Jeff Williams (Mar 25)
  - Re: [Owasp-dotnet] RE: 4 Questions: Latest IE vulnerability, Firefox vs IE security, User vs Admin risk profile, and browsers coded in 100% Managed Verifiable code Dinis Cruz (Mar 27)
    - Re: [Full-disclosure] Re: [Owasp-dotnet] RE: 4 Questions: Latest IEvulnerability, Firefox vs IE security, User vs Admin risk profile,and browsers coded in 100% Managed Verifiable code Joe Ciechanowski (Mar 31)
    - Re: [Full-disclosure] Re: [Owasp-dotnet] RE: 4 Questions: Latest IEvulnerability, Firefox vs IE security, User vs Admin risk profile,and browsers coded in 100% Managed Verifiable code Saqib Ali (Mar 31)
- Re: [Full-disclosure] 4 Questions: Latest IE vulnerability, Firefox vs IE security, User vs Admin risk profile, and browsers coded in 100% Managed Verifiable code Valdis . Kletnieks (Mar 25)
- Re: [Full-disclosure] 4 Questions: Latest IE vulnerability, Firefox vs IE security, User vs Admin risk profile, and browsers coded in 100% Managed Verifiable code Brian Eaton (Mar 25)
  - Re: [Full-disclosure] 4 Questions: Latest IE vulnerability, Firefox vs IE security, User vs Admin risk profile, and browsers coded in 100% Managed Verifiable code Pilon Mntry (Mar 27)
- Re: [Full-disclosure] 4 Questions: Latest IE vulnerability, Firefox vs IE security, User vs Admin risk profile, and browsers coded in 100% Managed Verifiable code Pavel Kankovsky (Mar 27)

(Thread continues...)