| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <200603260225.k2Q2PgNZ018559@turing-police.cc.vt.edu> Date: Sun Mar 26 03:25:58 2006 From: Valdis.Kletnieks at vt.edu (Valdis.Kletnieks@...edu) Subject: 4 Questions: Latest IE vulnerability, Firefox vs IE security, User vs Admin risk profile, and browsers coded in 100% Managed Verifiable code On Sat, 25 Mar 2006 11:39:19 GMT, Dinis Cruz said: > Finally, you might have noticed that whenever I talked about 'managed > code', I mentioned 'managed and verifiable code', the reason for this > distinction, is that I discovered recently that .Net code executed under > Full Trust can not be (or should not be) called 'managed code', since > the .Net Framework will not verify that code (because it is executed > under Full Trust). This means that I can write MSIL code which breaks > type safety and execute it without errors in a Full Trust .Net environment. I'm not sure which is stronger at the moment, the "that's scary" implications or the "why did they *bother*?" implications.... -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 228 bytes Desc: not available Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20060325/09b2d87f/attachment.bin
Powered by blists - more mailing lists