Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

What are the security implications for accepting anonymous methods (Action<>, Func<>) as parameters?

Tags:

c#

.net

security

action

func

Just as the title says: What, if any, are the security implications that need to be considered when using and/or passing around anonymous methods (Action<>, Func<>) in C#?

A method which accepts Action<>/Func<> seems to be a potential way for foreign code to be injected into a program. For the record, I understand that the injected method or function is not able to do inherently unsafe things in the sense of arbitrary memory access, but I would think that it could allow the calling code to call e.g. arbitrary .Net framework functions, corrupt data, or otherwise cause the application to misbehave.

Is this assumption wrong?

If it is not, what should be done to lock these down? Additionally, is there any way to validate the /Func<> that is passed into a method or function to ensure that it is of an expected form or to restrict its access to certain types and namespaces?

Also, forgive me if I'm not quite using the right terminology, I'm still learning.

like image 654
Nick Bauer Avatar asked Jan 04 '15 17:01

Nick Bauer

2 Answers

A method which accepts Action<>/Func<> seems to be a potential way for foreign code to be injected into a program

That is completely wrong. Whoever is calling your function and passing a delegate is, by definition, already running code in your program.
Any code which is passing a delegate can already do whatever it wants. You cannot have security boundaries within the same AppDomain. (older versions of .Net had Code Access Security, which tried to do this, but was not a good idea)

However, it can create unexpected reentrancies, which can cause issues with thread-safe code.

like image 72
SLaks Avatar answered Nov 15 '22 11:11

SLaks

I'm really asking if there are scenarios

Back when CAS policy was still being used (e.g. medium trust ASP.NET) a trusted piece of code could not safely call untrusted code when stack asserts are present. For example when

new SecurityPermission(Unrestricted).Assert()

was in effect the security check stack walk would stop at this point. That can lead to untrusted code not being detected. See the docs for Assert.

I'm being a little vague here because the scenario is hard to pull off and it is obsolete.

In case there is no trust boundary inside of the same process the caller already has all the power even without injecting code somewhere. No need for that.

like image 24
usr Avatar answered Nov 15 '22 11:11

usr
Sign in to Comment

Related questions

WPF TreeView Items not selectable
Colon Parameters in C#, What does the colon stands for [duplicate]
How to get all the indexes and filter the indexes by using Nest in C#
How to add Click event handler to TextBlock on Window phones
The underlying connection was closed. The server committed a protocol violation
Remove Special characters from file name
Windows phone 8.1 Local Database [closed]
Property Binding Not Updating When ValidationRule Fails
Ambiguous call between overloads of two-way implicit castable types when a derived type of one is passed as parameter
Call an action method from layout in ASP.NET MVC
Conditional Compilation in Referenced Assemblies
SQLite Connection not working in C#
Fastest way for Get Value of a property (Reflection) in C#
Resizing and cropping images using ImageResizer
Reactive Extensions - Deserializing stream from IObservable<byte[]> into individual delimited messages without the use of a Subject
Where is the class ManageUserViewModel?
XAML equivalent of a foreach
How do I use indexOf() case insensitively?
Why is Unity crashing when I press play in the editor?
Method that accepts both float[] and double[] arrays

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!