Secure Coding mailing list archives
FW: 4 Questions: Latest IE vulnerability, Firefox vs IE security, User vs Admin risk profile, and browsers coded in 100% Managed Verifiable code
From: michaelslists at gmail.com (michaelslists at gmail.com)
Date: Wed, 29 Mar 2006 12:32:16 +1100
On 3/28/06, Michael S Hines <mshines at purdue.edu> wrote:
> Isn't it possible to break out of the sandbox even with managed code? (That is, can't managed code call out to unmanaged code, i.e. Java call to C++)? I was thinking this was documented for Java - perhaps for various flavors of .Net too?
Java _can_ call C++, but the way to do it can be restricted by the security manager, i.e. you can't call "System.loadLibrary" without permission. You "may" be able to call native functions of already loaded DLLs, though, by registering their headers like: public native foo( ... ); not sure how far you'll get with that though.
-- Michael
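
The restriction on "System.loadLibrary" mentioned in the reply above, as an added example that is not part of the original message: a security manager that refuses the RuntimePermission "loadLibrary.<name>" stops the call before any native code is linked. The class name and the library name `demo_native` are constructed for illustration; it assumes a JDK where a security manager can still be installed (Java 17 and earlier by default, Java 18 to 23 with `-Djava.security.manager=allow`, disabled in later releases).

```java
import java.security.Permission;

// Added illustration; class and library names are constructed.
public class LoadLibraryDenied {

    // Minimal manager: denies only native-library linking, permits everything
    // else so the demo runs without a policy file. A real deployment would use
    // the default manager with a policy that simply never grants loadLibrary.*.
    static final class NoNativeLinking extends SecurityManager {
        @Override
        public void checkPermission(Permission perm) {
            // System.loadLibrary(name) -> checkLink(name)
            //   -> checkPermission(new RuntimePermission("loadLibrary." + name))
            if (perm instanceof RuntimePermission
                    && perm.getName().startsWith("loadLibrary.")) {
                throw new SecurityException("denied: " + perm.getName());
            }
        }
    }

    // Reports whether the load was stopped by policy or merely failed
    // because the (constructed) library does not exist on this machine.
    static String tryLoad(String lib) {
        try {
            System.loadLibrary(lib);
            return "loaded";
        } catch (SecurityException e) {
            return "blocked by security manager (" + e.getMessage() + ")";
        } catch (UnsatisfiedLinkError e) {
            return "permitted, but library not found";
        }
    }

    public static void main(String[] args) {
        String lib = "demo_native"; // constructed name; no such library is needed

        // No manager installed: the JVM gets as far as searching java.library.path.
        System.out.println("without manager: " + tryLoad(lib));

        // Manager installed: the permission check fails before any search or link.
        System.setSecurityManager(new NoNativeLinking());
        System.out.println("with manager:    " + tryLoad(lib));
    }
}
```

The first call fails with UnsatisfiedLinkError because the library is missing; the second fails with SecurityException because the permission check runs before the JVM looks for the file.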