Secure Coding mailing list archives

FW: 4 Questions: Latest IE vulnerability, Firefox vs IE security, User vs Admin risk profile, and browsers coded in 100% Managed Verifiable code


From: michaelslists at gmail.com (michaelslists at gmail.com)
Date: Wed, 29 Mar 2006 12:32:16 +1100

On 3/28/06, Michael S Hines <mshines at purdue.edu> wrote:
> Isn't it possible to break out of the sandbox even with managed code? (That is, can't
> managed code call out to unmanaged code, i.e. Java call to C++)?  I was thinking this was
> documented for Java - perhaps for various flavors of .Net too?

Java _can_ call C++, but the way to do it can be restricted by the
security manager, i.e. you can't call "System.loadLibrary" without
permission.

You "may" be able to call native functions of already loaded DLLs,
though, by registering their headers like:

public native foo( ... );

Not sure how far you'll get with that though.

-- Michael
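
Added example, not part of the original message: a minimal security manager that denies the "loadLibrary" runtime permission, showing System.loadLibrary being refused and what happens when a native method is declared but no library is bound to it. The class name, the library name "demo_native" and the method foo are hypothetical; it assumes JDK 17 or earlier, where System.setSecurityManager is still permitted (the API is deprecated for removal from Java 17).

```java
import java.security.Permission;

public class NativeLinkDemo {
    // Declared native, but no library providing it is ever loaded (hypothetical method).
    private static native int foo(int x);

    /** Denies native library loading; allows everything else so no policy file is needed. */
    static final class NoNativeLoad extends SecurityManager {
        @Override
        public void checkPermission(Permission perm) {
            if (perm instanceof RuntimePermission) {
                String name = perm.getName();
                // System.loadLibrary -> checkLink(lib) -> RuntimePermission("loadLibrary.<lib>").
                // Also refuse replacing this manager, or the restriction is trivially undone.
                if (name.startsWith("loadLibrary.") || name.equals("setSecurityManager")) {
                    throw new SecurityException("denied: " + name);
                }
            }
        }
    }

    static String tryLoad(String lib) {
        try {
            System.loadLibrary(lib);
            return "loaded";
        } catch (SecurityException e) {
            // The permission check runs before the JVM searches for the library file.
            return "SecurityException: " + e.getMessage();
        } catch (UnsatisfiedLinkError e) {
            return "UnsatisfiedLinkError: " + e.getMessage();
        }
    }

    static String tryCall() {
        try {
            return "foo returned " + foo(1);
        } catch (UnsatisfiedLinkError e) {
            // No library loaded by this class's loader exports a matching JNI symbol.
            return "UnsatisfiedLinkError: " + e.getMessage();
        }
    }

    public static void main(String[] args) {
        System.setSecurityManager(new NoNativeLoad());
        System.out.println(tryLoad("demo_native")); // constructed library name
        System.out.println(tryCall());
    }
}
```

With the manager installed, the load attempt fails with a SecurityException and the call to foo fails with an UnsatisfiedLinkError.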



