Tuesday, May 13, 2008

With .Net 3.5 SP1 you can now launch Fully Trusted Apps from your Network Shares, by default...

.NET Security Blog - FullTrust on the LocalIntranet

"We released the first beta of .NET 3.5 SP 1 this morning, and it includes a change to the default grant set for applications launched from the LocalIntranet zone.  The quick summary is that as of .NET 3.5 SP1, applications run from a network share will receive a grant set of FullTrust by default, making them act the same as if they were launched off of your computer directly.  Since this is an issue that I know a lot of people run into, I hope that this change makes it easier to use and deploy managed applications. ...

...

The core of this change is a modification in how we assign evidence to network launched applications.  When we see an .exe launched directly off a network share, rather than giving that .exe Zone evidence of LocalIntranet, we instead give the .exe Zone evidence of MyComputer.  ...

...

To summarize the under the hood changes, assemblies which will now receive Zone evidence of MyComputer and therefore be fully trusted by default are:

  1. Any managed .exe which is launched directly from a network share
  2. Any assembly in that .exe's process which is loaded from the same directory as the .exe itself was.

Assemblies which will not see this change include:

  1. Assemblies loaded from a subdirectory of the share where the .exe was launched from
  2. Assemblies loaded from shares other than the one where the main .exe was launched
  3. Any assembly loaded on a machine with the LegacyMyComputer registry value set to 1
  4. Any assembly loaded into a CLR host, including assemblies loaded into Internet Explorer as controls.
  5. Any assembly loaded from shares by an application that was launched from the "real" MyComputer zone."

I'm not sure how I feel about this...

On one hand, I think it's great and could help make a number of things in my life easier.

On the other hand, I liked the original restriction as I felt it helped keep my end user workstations a little more secure by lowering their attack profile (i.e. that a .Net app had to be copied to the local machine before it would have Full Trust...).

I do feel that any change to default, out of the box, security will need to be announced loud and clear. The above post is a great first notice, but I hope this change will get future focus and not be lost in all that's being included in SP1 (hence my post about it ;)

Still, all in all, I think this is a good move and one that I look forward to...
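
To check which of the quoted rules applied to a given process, this added example (not code from the quoted post or from Microsoft) prints the Zone evidence the CLR assigned to each loaded assembly and whether the call stack has FullTrust. The class name `ZoneReport` is an assumption, and the code targets the .NET Framework code access security APIs.

```csharp
using System;
using System.Collections;
using System.Reflection;
using System.Security;
using System.Security.Permissions;
using System.Security.Policy;

// Hypothetical diagnostic class, added for illustration.
static class ZoneReport
{
    // Zone from the assembly's host evidence; NoZone if none was assigned.
    static SecurityZone ZoneOf(Assembly asm)
    {
        IEnumerator e = asm.Evidence.GetHostEnumerator();
        while (e.MoveNext())
        {
            Zone z = e.Current as Zone;
            if (z != null) return z.SecurityZone;
        }
        return SecurityZone.NoZone;
    }

    // True when an unrestricted permission set demand succeeds for this call stack.
    static bool IsFullTrust()
    {
        try { new PermissionSet(PermissionState.Unrestricted).Demand(); return true; }
        catch (SecurityException) { return false; }
    }

    static void Main()
    {
        Console.WriteLine("FullTrust on this call stack: {0}", IsFullTrust());
        foreach (Assembly asm in AppDomain.CurrentDomain.GetAssemblies())
        {
            try
            {
                Console.WriteLine("{0,-12} {1}", ZoneOf(asm), asm.Location);
            }
            catch (SecurityException)
            {
                // A partially trusted grant set may not be allowed to read evidence or paths.
                Console.WriteLine("{0,-12} {1}", "(denied)", asm.FullName);
            }
            catch (NotSupportedException)
            {
                // Dynamic assemblies have no file location.
                Console.WriteLine("{0,-12} {1}", "(dynamic)", asm.FullName);
            }
        }
    }
}
```

Run the same build from the local disk, from the root of a share, and with a dependency placed in a subdirectory of that share to compare the zones reported before and after SP1 is installed.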
