Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

WebApp Sec: Re: [Full-disclosure] 4 Questions: Latest IE vulnerability, Firefox vs IE security, User vs Admin risk profile, and browsers coded in 100% Managed Verifiable code

Re: [Full-disclosure] 4 Questions: Latest IE vulnerability, Firefox vs IE security, User vs Admin risk profile, and browsers coded in 100% Managed Verifiable code

From: <Valdis.Kletnieks_at_vt.edu>
Date: Sat, 25 Mar 2006 21:25:42 -0500

On Sat, 25 Mar 2006 11:39:19 GMT, Dinis Cruz said:

> Finally, you might have noticed that whenever I talked about 'managed
> code', I mentioned 'managed and verifiable code', the reason for this
> distinction, is that I discovered recently that .Net code executed under
> Full Trust can not be (or should not be) called 'managed code', since
> the .Net Framework will not verify that code (because it is executed
> under Full Trust). This means that I can write MSIL code which breaks
> type safety and execute it without errors in a Full Trust .Net environment.

I'm not sure which is stronger at the moment, the "that's scary" implications
or the "why did they *bother*?" implications....

application/pgp-signature attachment: stored

Received on Mar 25 2006

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]