I reviewed the .NET Strong Name process several times and I think I like it, but I stayed with what I think is a security issue:
I am working on a system in which we store serialized .NET assemblies in our MS SQL database. They are read by a public web application that deserializes and caches them. This is done to remotely add new plugins without redeploying the web application.
I have some doubts about checking the author. Both the web application and the plugin assemblies have strong names using the same public key. This way I guarantee that the plugins cannot be modified, but I see one scenario in which an attacker can execute his own code:
- The user implements the assembly, which implements the interface that our plugins use (this is not trivial, since the plugins are not distributed - we create them inside).
- The user gives this assembly a strong name for their
- The user manages to embed his assembly in the appropriate table in our database
- The web application downloads this assembly and creates an instance for the interface that the malicious user implemented - now it executes its code
I understand that the .NET Framework will only verify that the assembly has a strong name and that it has not been tampered with - it does not say anything about checking the author.
, , - , . - , , , ? , - , ?
[]
! , - ( ) , . , GetPublicKey() !
, :
private bool ValidateAssembly( byte[] deserializedAssembly ){
byte[] ourKey = Assembly.GetExecutingAssembly().GetName().GetPublicKey();
for (int i=0; i < deserializedAssembly.Length; i++){
if ( deserializedAssembly[i] != outKey[i] )
return false;
}
return true;
}
( )
, , (-) . , API , .