OdeToCode IC Logo

So, What Was Wrong with That Code Anyway?

Thursday, December 7, 2006

WWWTC #9 ranks 10 out of 10 on the "difficult and subtle" scale. Let's say we write the following code to call the method Jill wrote:

Sub ExploitIt(ByVal path As String, ByVal data As Byte())

    Dim j As New JillsObject
    Try
        ' setup an environment that will force
        ' an exception after impersonation starts,
        ' than call into the method

        j.WriteToSensitiveFile(path, data)

    Catch When RunMaliciousCode() = True
        ' ...
    End Try

End Sub

Function RunMaliciousCode() As Boolean

    ' here is your chance to execute code as an admin...

End Function

The problem is that the exception filter (RunMaliciousCode) has a chance to execute before Jill's method turns off impersonation in the finally clause.

I planned on going into more detail, but Jonas provided two links in the comments that point to a pair of excellent posts by Shawn Farkas. See:

Safely Impersonating Another User
Impersonation and Exception Filters in v2.0

All My Pluralsight Courses Pluralsight

K.Scott Allen OdeToCode by K. Scott Allen
RSS Subscribe
Follow Me Twitter
Search Search
About About
Learn C# Fundamentals Learn C#
Learn Web Development with ASP.NET Core Learn ASP.NET Core
Learn Azure Learn Azure