Why does .NET not verify the BCL/CLR?


Question


All .NET assemblies in the BCL & CLR (onwards just CLR will be used) are both strongly named and digitally signed. Digital certificates are provided to give a measure of trust that the assembly has not been tampered with or replaced. However, it does not appear that .NET ever checks the digital signature (it can check the strong name, as Hans pointed out: http://stackoverflow.com/questions/7385084/why-does-net-not-verify-the-bcl-clr/7385229#7385229).


It makes sense that checking on assembly load is flawed because a modified CLR could fake the answers. My thinking is that the only safe place from the perspective of .NET[1] to check is on start of the framework as part of the unmanaged code that bootstraps the framework. Big downside is the performance impact.


I am looking at this from the perspective of a developer; in other words, how do I know that my application is not being compromised by an already owned CLR[2], or, put another way, is there any way for an application to trust the CLR?


So my question is: why does .NET not verify the CLR? Is it because of the performance impact, or is there more to it?

[1] I am focusing on .NET. It is possible to mess with Windows and thus break the idea, but if you already own Windows you don't really need to own .NET.
[2] Example of this: a user inputs a password into an application, it is stored in a SecureString, but the BCL is compromised so the attacker is now getting that info. It allows them to capture the information for something else. I realise that the attacker, if he could replace the CLR, could put a key logger on the machine too, but that is (hopefully) detectable with a decent security tool. There are also lots of other ways to attack this; the core is how do I know if SecureString has been changed.
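The question contrasts strong-name checks with Authenticode signature checks that the runtime does not perform. As an added example (not part of the original post), the PowerShell below performs that Authenticode check on the CLR and core BCL files on disk using Get-AuthenticodeSignature. The function name and the list of files are my choices; the framework directory defaults to the runtime the PowerShell host is running on, and files that do not exist in that directory are skipped. As the question itself points out, a check that executes on top of the CLR can be lied to by a compromised CLR, so its result is only meaningful when run from a known-good baseline.

```powershell
# Added example: report the Authenticode signature state of the core
# CLR/BCL files. Not from the original post; file list is an assumption.
function Test-ClrFileSignatures {
    param(
        # Directory of the runtime currently hosting PowerShell (assumption:
        # the runtime you want to audit is the one you are running on)
        [string]$FrameworkDir = [System.Runtime.InteropServices.RuntimeEnvironment]::GetRuntimeDirectory()
    )

    # Candidate files; only those present in $FrameworkDir are checked
    $files = 'clr.dll', 'mscorlib.dll', 'System.dll', 'System.Core.dll' |
        ForEach-Object { Join-Path -Path $FrameworkDir -ChildPath $_ } |
        Where-Object { Test-Path -Path $_ }

    foreach ($f in $files) {
        # Verifies the embedded hash and chains the signer to a trusted root
        $sig = Get-AuthenticodeSignature -FilePath $f
        [pscustomobject]@{
            File    = Split-Path -Path $f -Leaf
            Status  = $sig.Status          # Valid, NotSigned, HashMismatch, ...
            Signer  = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
            # Treat as trusted only when the signature is valid AND the signer is Microsoft
            Trusted = ($sig.Status -eq 'Valid') -and
                      ($sig.SignerCertificate.Subject -like '*Microsoft Corporation*')
        }
    }
}

# Usage: any row with Trusted = False deserves a closer look
Test-ClrFileSignatures | Format-Table -AutoSize
```

A HashMismatch status on one of these files is the on-disk symptom of the tampering the question describes; NotSigned on a file you expect to be signed is equally worth investigating.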

Accepted answer


This was changed in .NET 3.5 SP1, intended as a startup perf improvement for apps that run in full trust to give them parity with native programs which do no such checking. Verifying the strong name is expensive and cold starts on managed programs tend to be slow due to the large number of DLLs. You can turn it back on with the .config file:

<configuration>
    <runtime>
        <bypassTrustedAppStrongNames enabled="false"/>
    </runtime>
</configuration>


Or by editing a registry key so it is in effect for all .NET programs:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework]
"AllowStrongNameBypass"=dword:00000000


Also set the HKLM\Software\Wow6432Node key on a 64-bit machine.
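To audit the two settings the answer describes, here is an added PowerShell example (not code from the answer). It reads AllowStrongNameBypass from both the native and the Wow6432Node registry views named above, and inspects an application .config for the bypassTrustedAppStrongNames element. The function names are my own; a missing registry value or config element is reported as "not set", which per the answer means the .NET 3.5 SP1 default (bypass on) applies. The sample .config is constructed inline from the snippet in the answer.

```powershell
# Added example: audit strong-name bypass settings. Not from the answer.
function Get-StrongNameBypassState {
    # Registry paths from the answer; Wow6432Node is the 32-bit view on 64-bit Windows
    $paths = 'HKLM:\SOFTWARE\Microsoft\.NETFramework',
             'HKLM:\SOFTWARE\Wow6432Node\Microsoft\.NETFramework'
    foreach ($p in $paths) {
        $value = $null
        if (Test-Path -Path $p) {
            $value = (Get-ItemProperty -Path $p -Name AllowStrongNameBypass -ErrorAction SilentlyContinue).AllowStrongNameBypass
        }
        [pscustomobject]@{
            Path                  = $p
            AllowStrongNameBypass = $value
            # 0 = verification forced back on; anything else or absent = bypass (default since 3.5 SP1)
            State = if ($null -eq $value) { 'NotSet (default: bypass)' }
                    elseif ($value -eq 0) { 'Verify' }
                    else { 'Bypass' }
        }
    }
}

function Get-AppConfigBypassState {
    param([Parameter(Mandatory)][string]$ConfigPath)
    [xml]$cfg = Get-Content -Path $ConfigPath -Raw
    $node = $cfg.SelectSingleNode('/configuration/runtime/bypassTrustedAppStrongNames')
    if ($null -eq $node) { return 'NotSet (machine default applies)' }
    # enabled="false" re-enables strong-name verification for this application only
    if ($node.GetAttribute('enabled') -eq 'false') { return 'Verify' }
    return 'Bypass'
}

# Constructed sample .config (the snippet from the answer) written to a temp file
$sample = @'
<configuration>
    <runtime>
        <bypassTrustedAppStrongNames enabled="false"/>
    </runtime>
</configuration>
'@
$tmp = Join-Path -Path ([IO.Path]::GetTempPath()) -ChildPath 'sample.exe.config'
Set-Content -Path $tmp -Value $sample

Get-StrongNameBypassState | Format-Table -AutoSize
"Sample config: $(Get-AppConfigBypassState -ConfigPath $tmp)"   # Verify
```

The registry audit needs only read access, so it can run under a standard user; changing the value, as the answer suggests, requires administrative rights on HKLM.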
