Menu
All .NET assemblies in the BCL & CLR (onwards just CLR will be used) are both strongly named and digitally signed. Digital certificates are provided to give a measure of trust that the assembly has not been tampered with or replaced. However it does not appear that .NET ever checks the digital signature (it can check the strong name as Hans pointed out).
It makes sense that checking on assembly load is flawed becaused an modified CLR could fake the answers. My thinking is that the only safe place from the perspective of .NET1 to check is on start of the framework as part of the unmanaged code that boot straps the framework. Big downside is the performance impact.
I am looking at this from the perspective of a developer, in otherwords how do I know that my application is not being compromised by an already owned CLR2, or put another way is there anyway for an application to trust the CLR?
So my question is why does .NET not verify the CLR? Is it because the performance impact or is there more to it?
538
This was changed in .NET 3.5 SP1, intended as a startup perf improvement for apps that run in full trust to give them parity with native programs which do no such checking. Verifying the strong name is expensive and cold starts on managed programs tend to be slow due to the large number of DLLs. You can turn it back on with the .config file:
<configuration>
<runtime>
<bypassTrustedAppStrongNames enabled="false"/>
</runtime>
</configuration>
Or by editing a registry key so it is in effect for all .NET programs:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework]
"AllowStrongNameBypass"=dword:00000000
Also set the HKLM\Software\Wow6432Node key on a 64-bit machine.
195
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
