So, What Was Wrong with That Code Anyway?

WWWTC #9 ranks 10 out of 10 on the "difficult and subtle" scale. Let's say we write the following code to call the method Jill wrote:

Sub ExploitIt(ByVal path As String, ByVal data As Byte())
    Dim j As New JillsObject
    Try
        ' set up an environment that will force
        ' an exception after impersonation starts,
        ' then call into the method
        j.WriteToSensitiveFile(path, data)
    Catch When RunMaliciousCode() = True
        ' ...
    End Try
End Sub

Function RunMaliciousCode() As Boolean
    ' here is your chance to execute code as an admin...
End Function

The problem is that the exception filter (RunMaliciousCode) has a chance to execute before Jill's method turns off impersonation in the Finally clause. The CLR handles exceptions in two passes: the first pass walks up the stack evaluating Catch ... When filters to find a handler, and only the second pass unwinds the stack and runs Finally blocks. So the caller's filter runs while the thread is still impersonating the privileged account.
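To make the ordering concrete, here is an added VB.NET sketch (my own example, not Jill's code or anything from the posts linked below) with a hypothetical WriteToSensitiveFile next to a hardened variant that catches inside the impersonated region, reverts impersonation, and only then rethrows; it assumes adminToken is a valid token obtained elsewhere, and the IdentitySeenByFilter helper is a constructed check that reports which account a caller's filter observes.

```vb
Imports System
Imports System.IO
Imports System.Security.Principal

Public Class JillsObject
    ' Assumed: a primary token for the privileged account, obtained elsewhere.
    Private adminToken As IntPtr
    ' VULNERABLE ordering: a caller's "Catch ... When" filter is evaluated in
    ' the first pass of exception handling, before any Finally block runs in
    ' the second pass, so the filter executes while still impersonating.
    Public Sub WriteToSensitiveFile(ByVal path As String, ByVal data As Byte())
        Dim ctx As WindowsImpersonationContext = WindowsIdentity.Impersonate(adminToken)
        Try
            File.WriteAllBytes(path, data)
        Finally
            ctx.Undo()
        End Try
    End Sub
    ' HARDENED: a catch-all inside the impersonated region is the nearest
    ' handler, so the first pass stops here; impersonation is reverted and the
    ' exception rethrown, and only then do the caller's filters get to run.
    Public Sub WriteToSensitiveFileSafely(ByVal path As String, ByVal data As Byte())
        Dim ctx As WindowsImpersonationContext = WindowsIdentity.Impersonate(adminToken)
        Try
            File.WriteAllBytes(path, data)
        Catch
            ctx.Undo()
            Throw
        End Try
        ctx.Undo()
    End Sub
    ' Constructed check: which identity does a caller's filter observe?
    Public Shared Function IdentitySeenByFilter(ByVal j As JillsObject, ByVal hardened As Boolean) As String
        Dim seen As String = Nothing
        Try
            If hardened Then
                j.WriteToSensitiveFileSafely("", New Byte() {})   ' "" throws ArgumentException
            Else
                j.WriteToSensitiveFile("", New Byte() {})
            End If
        Catch When Record(seen)
        End Try
        Return seen   ' the privileged account's name only in the unhardened case
    End Function
    ' Filter body: records the current identity and lets the Catch run.
    Private Shared Function Record(ByRef s As String) As Boolean
        s = WindowsIdentity.GetCurrent().Name
        Return True
    End Function
End Class
```

Calling IdentitySeenByFilter with hardened = False returns the impersonated account's name, while hardened = True returns the original caller's identity, because the rethrow starts a fresh first pass after Undo has already run.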

I planned on going into more detail, but Jonas provided two links in the comments that point to a pair of excellent posts by Shawn Farkas. See:

Safely Impersonating Another User
Impersonation and Exception Filters in v2.0

posted @ Thursday, December 07, 2006 2:58 AM

Comments on this entry:

# re: So, What Was Wrong with That Code Anyway?
by Skup at 12/8/2006 10:58 AM

Really interesting... This feature doesn't exist in C#; it's really hard to figure out this kind of problem! Once you know it, you know how to avoid it.