# Monday, April 18, 2005
« Saxon.NET RC1 | Main | IKVM 0.14 rc1 »
Whidbey Beta 2

I downloaded Whidbey Beta 2 from MSDN (subscription required) and installed it on my AMD64 machine (recently repaved with WinXP x64 RTM). Installation went very smooth and IKVM builds and runs its test suite (without requiring the workaround that the Februari CTP needed).

My Very Own Breaking Change

A long time ago I wrote about problems with the C# destructor and used System.WeakReference as example. Recently I discovered a related, but more serious problem with System.WeakReference and reported it to Microsoft.

Here is some evil code:

using System;
class Class1 : WeakReference
    Class1(object obj)
      : base(obj)
    static void Main(string[] args)
        Class1 r = new Class1("foo");
        Class1 clone = (Class1)r.MemberwiseClone();
        new Class1("bar");

The last statement prints out bar. Notice that we aren't supposed to have a reference to bar. This is a variation of a handle recycle attack.

In Beta 2 this problem was "fixed" by adding an unmanaged code inheritance demand to System.WeakReference, so untrusted code will not be able to subclass WeakReference (which is needed to get access to MemberwiseClone). This is a (minor) breaking change, but obviously the right thing to do.

Monday, April 18, 2005 9:04:12 PM (W. Europe Daylight Time, UTC+02:00)  #    Comments [1]
Sunday, January 11, 2009 8:07:38 PM (W. Europe Standard Time, UTC+01:00)
The "fix" (adding an unmanaged code inheritance demand for class WeakReferece) is to broad I think. Why not add unmanaged code demand on MemberwiseClone() only?

class WeakReference
[SecurityPermission(SecurityAction.Demand, Flags = SecurityPermissionFlag.UnmanagedCode)]
public new object MemberwiseClone()
return base.MemberwiseClone();
Gunnar Dalsnes
Comments are closed.