I’m so special…

Continuing with my rebuttal of Shawn’s listing of reasons for forcing full trust of assemblies in the GAC…

3.a) “Since you have to be an administrator in order to add an assembly to the GAC, it is already considered special from a security standpoint.”

Ouch. Got a few things to say about this one…

i. Joe User can’t write to the Program Files directory either. Does this make it special too? (Rhetorical question, I hope. ;))

ii. One absolutely does not need to be an administrator to add assemblies to the GAC. Even under default ACLs (at least on fully patched Windows XP and .NET Framework 1.1), power users can also do so. Although I haven’t tried this, I’m guessing that manipulation of ACLs might also allow any user to do so.

iii. Unfortunately, far too many enterprise users (particularly in smaller businesses) and almost all home users run as admins. In practice, there’s nothing special about a location to which all these folks can write. These are also the users who can most benefit from the protections offered by limitation of CAS permissions.

iv. Windows 98, Windows 98 Second Edition, Windows ME are all listed as supported versions for the beta version of the v. 2.0 Framework. Assuming this doesn’t change, the supposed “difficulty” of placing assemblies in the GAC shouldn’t be a factor in the decision to force full trust of GACed assemblies.

3.b) “For instance, strong name verification is skipped for assemblies that are loaded from the GAC.”

Well, I’ve never liked that one–surprise! 🙂 Amongst other things, consider those poor Win9x users and all those folks who run with sufficient privileges to alter the contents of the GAC. Also, given that the ACLs on the GAC can be altered, it seems ridiculous for the platform provider to be making decisions based on an assumption that the default ACLs will be in effect.

Leave a Reply

Your email address will not be published. Required fields are marked *