Implications of Fully Trusted Code

Keith Brown has a new MSDN Magazine Security Brief that discusses the implications of fully trusted code. [1]

His conclusion is thought provoking to say the least - "The goal of this column was to demonstrate that many of the security features of the CLR can only be enforced in a partial-trust environment. While the notion of full trust might seem obvious to some, I've reviewed plenty of designs that make assumptions about CLR security that simply don't fly in a full trust scenario. If you compare the CLR's built-in security to Windows built-in security, running with full trust is akin to running as SYSTEM. Fully trusted code can get around all of the CLR's built-in security features. That's why it's called fully trusted—it must be trusted to do the right thing. SYSTEM can get around any security constraint in Windows, which is why code running as SYSTEM must be trusted."

[1] http://msdn.microsoft.com/msdnmag/issues/04/04/SecurityBriefs/

posted on Wednesday, March 24, 2004 3:48 PM

This website is Copyright © 2001-2004 by Kylas Group LLC. All rights reserved. By using this website you agree to abide, comply, and be bound by these Terms of Use and Terms of Service. As a user of this website you agree that all information is provided on an as is basis, and the use of this web site is at your sole risk. Links listed are solely based on our opinion of value. The links provided are maintained by their respective organizations, who are solely responsible for its content. Trademarks are the property of their respective owners. Use of trademarks, logos, and brand names on this site are for identification purposes only, and does not imply an endorsement of this website by the trademark owner.

My Links

Archives

Post Categories

Articles

Blogs - Architecture

Blogs - Security

Blogs - Smart/Great/Local

Info - Architecture

Info - Essential

Info - Security

Affiliations

Sponsored By

Implications of Fully Trusted Code