White screen on simulation (.NET CAS problems)

[gsxryan]

Test on Installed: .NET Framework 4.8, or 4.7.2

Symptom: When running a simulation, a blank white screen appears (No graph displayed).

Fix? The possible call to 'file:///C:\' May be escalating security on this path due to it's potential to be a hyperlink. Is it possible to call C:\ directly without the File:///?

I don't understand the .NET sandbox security fully, but i believe the least priv approach is safest. This may be a better key to the fix: https://docs.microsoft.com/en-us/previous-versions/dotnet/netframework-4.0/bb763046(v=vs.100)?redirectedfrom=MSDN

Workaround: Edit RVisUI.exe.config Below <runtime> Paste: <loadFromRemoteSources enabled="true"/>

Logfile Error: 10:58:31 Failed to load module in C:\Apps\RVis_v0.8.11068.1\module\sensitivity System.IO.FileLoadException: Could not load file or assembly 'file:///C:\Apps\RVis_v0.8.11068.1\module\sensitivity\Sensitivity.dll' or one of its dependencies. Operation is not supported. (Exception from HRESULT: 0x80131515) File name: 'file:///C:\Apps\RVis_v0.8.11068.1\module\sensitivity\Sensitivity.dll' ---> System.NotSupportedException: An attempt was made to load an assembly from a network location which would have caused the assembly to be sandboxed in previous versions of the .NET Framework. This release of the .NET Framework does not enable CAS policy by default, so this load may be dangerous. If this load is not intended to sandbox the assembly, please enable the loadFromRemoteSources switch. See http://go.microsoft.com/fwlink/?LinkId=155569 for more information.

at System.Reflection.RuntimeAssembly._nLoad(AssemblyName fileName, String codeBase, Evidence assemblySecurity, RuntimeAssembly locationHint, StackCrawlMark& stackMark, IntPtr pPrivHostBinder, Boolean throwOnFileNotFound, Boolean forIntrospection, Boolean suppressSecurityChecks) at System.Reflection.RuntimeAssembly.nLoad(AssemblyName fileName, String codeBase, Evidence assemblySecurity, RuntimeAssembly locationHint, StackCrawlMark& stackMark, IntPtr pPrivHostBinder, Boolean throwOnFileNotFound, Boolean forIntrospection, Boolean suppressSecurityChecks) at System.Reflection.RuntimeAssembly.InternalLoadAssemblyName(AssemblyName assemblyRef, Evidence assemblySecurity, RuntimeAssembly reqAssembly, StackCrawlMark& stackMark, IntPtr pPrivHostBinder, Boolean throwOnFileNotFound, Boolean forIntrospection, Boolean suppressSecurityChecks) at System.Reflection.RuntimeAssembly.InternalLoadFrom(String assemblyFile, Evidence securityEvidence, Byte[] hashValue, AssemblyHashAlgorithm hashAlgorithm, Boolean forIntrospection, Boolean suppressSecurityChecks, StackCrawlMark& stackMark) at System.Reflection.Assembly.LoadFrom(String assemblyFile) at Ninject.Modules.AssemblyNameRetriever.AssemblyChecker.GetAssemblyNames(IEnumerable1 filenames, Predicate1 filter) at Ninject.Modules.AssemblyNameRetriever.AssemblyChecker.GetAssemblyNames(IEnumerable1 filenames, Predicate1 filter) at Ninject.Modules.AssemblyNameRetriever.GetAssemblyNames(IEnumerable1 filenames, Predicate1 filter) at Ninject.Extensions.Conventions.BindingBuilder.AssemblyFinder.FindAssemblies(IEnumerable1 assemblies, Predicate1 filter) at Ninject.Extensions.Conventions.BindingBuilder.ConventionSyntax.FromAssembliesInPath(String path) at RVisUI.Ioc.AppState.<>c__DisplayClass68_0.b__0(IFromSyntax x) at Ninject.Extensions.Conventions.ExtensionsForIKernel.Bind(IBindingRoot kernel, Action1 configure) at RVisUI.Ioc.AppState.DoDirectoryBind(String directory)

[thehoglet]

@gsxryan Thanks for figuring this out. I agree with your diagnosis.

The use of a file URI here is down to the IoC component RVis uses and the use that component makes of .NET reflection. I'm fairly sure the component is referring to the Codebase property of an assembly (DLL), which can reference either local or remote binaries.

As noted, CAS is disabled by default in recent versions of .NET. Also, without digging further, I can't tell whether the IoC component sandboxes assemblies (in an AppDomain?).

In any event, for as long as RVis dynamically loads its modules, it's going to need the workaround to accommodate a situation like yours. RVis only loads local binaries that are distributed with the app. If the day dawns that RVis fetches an assembly from a remote source, the need for sandboxing will need to be revisited.

[gsxryan]

Absolutely, thank you for researching further!

I believe there are other layers as well that protect from remote execution in most environments. As long as all the links stay local I wouldn't see too much risk adding this line to the default config.
There is a bit, if the attack can exploit the path with the users' permissions. (for example, to overwrite the dll with their own malicious payload). To be extra cautious the sandbox mode would be ideal. Is this something the software can coordinate by default?

If the day comes where outsource (web) links are added, then it would be a bad idea to allow loadfromremotesources by default due to MITM risk.

[thehoglet]

Fixed in v0.9.