CasPol security

What's the danger in doing:

C:\...\caspol -enterprise -addfulltrust L:\foo.exe

foo is a local network (non-web based) application that
references internal databases and general web based
information sites.

Steve
 
The danger is that the application is being granted more rights than
necessary. If, somehow, the application were compromised through a stack
overrun or some other as yet undiscovered vulnerability, a hacker could do
damage to your system.

As a matter of policy, applications should not run with privileges greater
than absolutely necessary. That is why the security model has changed and is
based on where the code came from rather than on who is logged in.
 
Chris.

I agree with your comments and thus is my concern.
However, while knowing nothing about security, it seems
running the Framework wizard "trust assembly" requires
that application be given full trust.

How can I [begin] to lower the trust level of the
application?

Steve
 
You need to figure out the minimum permissions required. This is something
that you should have somewhat of a handle on.

For example, any I/O will require access to the file system. But do you
really need access to the file system, or just Isolated Storage? These are
different. The application will normally already have access to Isolated
Storage.

Do you require access to the registry, environment variables, printing,
UI...?

These are all questions that must be answered and trust can be applied
accordingly.

If the assembly uses declarative security, use PermView to give you a list
of the required permissions. Otherwise, test the application with an account
that has no additional privileges.

Chris Rolon
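Added example, not part of the post above or of the original thread: the declarative route it mentions, sketched for the .NET Framework 1.x/2.0 code access security model. The assembly requests only what it needs, asks for nothing optional, and reports what it was actually granted; the intranet URL pattern, the quota and the class name are assumptions.

```csharp
// Added example; targets the .NET Framework 1.x/2.0 code access security model.
using System;
using System.Data.SqlClient;
using System.Net;
using System.Security;
using System.Security.Permissions;

// Minimum set: if policy does not grant all of these, the assembly fails to load
// with a PolicyException instead of failing later in mid-operation.
[assembly: SecurityPermission(SecurityAction.RequestMinimum, Execution = true)]
[assembly: UIPermission(SecurityAction.RequestMinimum,
    Window = UIPermissionWindow.SafeTopLevelWindows)]
[assembly: IsolatedStorageFilePermission(SecurityAction.RequestMinimum,
    UsageAllowed = IsolatedStorageContainment.AssemblyIsolationByUser,
    UserQuota = 1048576)]                                     // assumed 1 MB quota
[assembly: SqlClientPermission(SecurityAction.RequestMinimum, Unrestricted = true)]
[assembly: WebPermission(SecurityAction.RequestMinimum,
    ConnectPattern = @"http://intranet\.example\.local/.*")]  // hypothetical site

// Empty optional set: the final grant is policy intersected with the minimum set,
// so nothing else policy offers (file system, registry, ...) reaches this assembly.
[assembly: PermissionSet(SecurityAction.RequestOptional, Unrestricted = false)]

class GrantReport   // hypothetical name
{
    static void Report(string label, IPermission permission)
    {
        // IsGranted checks the grant set of the calling assembly only.
        bool granted = SecurityManager.IsGranted(permission);
        Console.WriteLine("{0,-22} {1}", label, granted ? "granted" : "not granted");
    }

    static void Main()
    {
        Report("SQL client", new SqlClientPermission(PermissionState.Unrestricted));
        Report("File system", new FileIOPermission(PermissionState.Unrestricted));
        Report("Registry", new RegistryPermission(PermissionState.Unrestricted));
        Report("Environment variables", new EnvironmentPermission(PermissionState.Unrestricted));
        Report("Unmanaged code", new SecurityPermission(SecurityPermissionFlag.UnmanagedCode));
    }
}
```

These requests can only narrow what policy grants, never widen it, so the code group for the application still has to grant at least the minimum set.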
 
My humble opinion, I gave our whole server full trust on all desktops. It is
locally on the Intranet, any non-dotnet app on the server can be executed
from any desktop without a hoot in any case and I don't have time to try and
figure out what the minimum trust level per application should be.
This kind of issue is important when you use no-touch deployment over the
internet, as you are loading an app from a foreign server, not that I've
stumbled upon one on some Internet site yet, but just in case.