2
votes

My understanding is that having AllowElevatedTrustAppsInBrowser = 1 in the registry will apply to all Silverlight applications.

That is, doing the below: set the DWORD registry key AllowElevatedTrustAppsInBrowser = 1 at
SL 64-bit path: HKLM\Software\Wow6432Node\Microsoft\Silverlight
SL 32-bit path: HKLM\Software\Microsoft\Silverlight

How much of a security issue would this be for clients? My understanding is that for elevated permissions to run in Silverlight the client still has to install a certificate in its Trusted Publishers section, which means only sites that are trusted publishers will have elevated permissions.

Hence this should be safe?

If that is the case then I just need to write an install that can do all this at the client?

And this should not affect clients who do not want the sites permissions to be elevated?

Thanks

2
I cannot use OOB as my website is half HTML and half Silverlight.
TheWommies

2 Answers

2
votes

Think like this: Bob and Alice sell hot dogs on the street, each one inside their own van. Both have the appropriate license granted by the mayor's office that allows them to be in this line of work. Alice only uses fresh ingredients and always wakes up early to be able to choose the best ones available. But can Alice say the same about Bob? Both of them are certified by the competent organization, but it would be silly for her to put her hand in the fire for Bob.

TL;DR> No, it is not safe to set that configuration. You would be opening a BIG security hole in your clients, as you are taking from them the choice to give or not greater privileges to a given application. Even if they have installed the certificate, they may choose not to give it full rights.

2
votes

You are correct that you must have both steps taken care of in order to successfully launch the Silverlight application, as described in this MSDN article.

However, the larger issue involves the fact that disallowing full trust applications is a large part of the security model for Silverlight. If a bad actor knows that your clients must run a full trust application to use your application, then they know they have an attack vector if they can socially engineer a way for your client to accept a publisher certificate that looks like yours. Then they can run whatever they want on your clients' machines.

The full trust model was only really useful in an enterprise environment where the certificate acceptance would be more tightly controlled.

I would look to find a way to accomplish your task in HTML/JavaScript. There are many libraries and frameworks now, such as Knockout and AngularJS, that offer productivity measures and an MVVM model similar to what Silverlight gives.
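As an added example that is not part of either answer, here is a PowerShell audit a client administrator could run to see whether the key the question describes is set at either of the two registry paths named above, and which Trusted Publishers certificates would be granted in-browser elevated trust as a result. The script and its variable names are my own; it assumes an elevated PowerShell session on the client being checked.

```powershell
# Added audit example (not from the question or answers): reports whether
# AllowElevatedTrustAppsInBrowser is enabled at either Silverlight registry
# path from the question, and lists the Trusted Publishers certificates
# whose signed XAPs would run with elevated trust in the browser if it is.

$paths = @(
    'HKLM:\Software\Microsoft\Silverlight',              # SL 32-bit path
    'HKLM:\Software\Wow6432Node\Microsoft\Silverlight'   # SL 64-bit path
)
$valueName = 'AllowElevatedTrustAppsInBrowser'

# One record per path: whether the value exists, what it holds, and whether it is 1.
$findings = foreach ($p in $paths) {
    $item = Get-ItemProperty -Path $p -Name $valueName -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Path    = $p
        Present = ($null -ne $item)
        Value   = if ($null -ne $item) { $item.$valueName } else { $null }
        Enabled = ($null -ne $item -and $item.$valueName -eq 1)
    }
}
$findings | Format-Table -AutoSize

if ($findings.Enabled -contains $true) {
    Write-Warning "Elevated-trust Silverlight applications are allowed in the browser on this client."
    # With the key set, any XAP signed by a certificate in these stores gets full
    # trust without the per-application prompt; review each entry with its owner.
    $stores = 'Cert:\LocalMachine\TrustedPublisher', 'Cert:\CurrentUser\TrustedPublisher'
    Get-ChildItem -Path $stores -ErrorAction SilentlyContinue |
        Select-Object PSParentPath, Subject, Issuer, NotAfter, Thumbprint |
        Format-Table -AutoSize
} else {
    Write-Output "$valueName is not enabled; in-browser elevation stays at the Silverlight default (off)."
}
```

Run it on a representative client before and after the installer the question proposes; a non-empty certificate listing under the warning is the exposure both answers are describing.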