Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Why can't strongly named assemblies use assemblies that aren't signed?

To sign an assembly A you have to make sure all assemblies B, C, D that are used by A are signed, and then all assemblies that are used by B, C, D, and so on. I don't understand what's the security benefit of this. I think it's supposed to prevent tampering, but assembly A is allowed to open any file, and these can be tampered. The same goes for an external webserver.

Also, it's too easy to sign an assembly with a .snk file that you make public, sidestepping the requirement.

like image 441
Bruno Martinez Avatar asked May 15 '09 13:05

Bruno Martinez


People also ask

What makes a strong named assembly?

What makes a strong-named assembly? A strong named assembly is generated by using the private key that corresponds to the public key distributed with the assembly, and the assembly itself. The assembly includes the assembly manifest, which contains the names and hashes of all the files that make up the assembly.

How is a strongly named assembly different from one that isn't strongly named?

Strong naming your assembly allows you to include your assembly into the Global Assembly Cache (GAC). Thus it allows you to share it among multiple applications. Strong naming guarantees a unique name for that assembly. Thus no one else can use the same assembly name.

How do you tell if an assembly is strongly named?

To determine if an assembly is strong-typed, use the Strong Name Tool from Microsoft (http://msdn.microsoft.com/en-us/library/k5b5tt23(v=vs.71).aspx) by running the 'sn.exe -v <assembly>' command. You may need to download one of the Windows SDK packages to get access to this tool.

What does signing an assembly mean?

Signing an assembly ensures that the consumer knows its origin and uniquely identifies the component. It makes the physical DLL file tamper-proof. This tutorial will step you through signing an assembly with a strong name key (SNK) in .


2 Answers

The point is that otherwise you could replace assembly B/C/D with a different (hacked) one, and A would never notice; it would load them and execute the code. With strong naming, you can't do this without either re-signing the hacked B/C/D with the same key, or by hacking A.

like image 106
Marc Gravell Avatar answered Sep 27 '22 21:09

Marc Gravell


Another reason for strong naming is versioning. If you reference a strong named assembly, you get that specific version - and it will load its dependencies at the specific versions it relies upon.

EDIT

Example scenario: If you put an assembly in the GAC, it has to be strong named to allow side-by-side versioning. You couldn't put it in the GAC, though, unless its dependencies were also there (otherwise, they'd fail to load at run time). In order for those assemblies to be loaded reliably, they need to be strong named too, and in the GAC.

like image 35
user96705 Avatar answered Sep 27 '22 20:09

user96705