From 7c5d2057c0153c8bfa6f1836507df6c59a7f69d4 Mon Sep 17 00:00:00 2001
From: Andrew Au
Date: Thu, 16 May 2024 12:18:46 -0700
Subject: [PATCH] Comments (#102325)
* Comments
* Update src/coreclr/nativeaot/Runtime/clrgc.enabled.cpp
Co-authored-by: Jan Kotas
---------
Co-authored-by: Jan Kotas
---
 src/coreclr/nativeaot/Runtime/clrgc.enabled.cpp | 9 +++++++++
 src/coreclr/vm/gcheaputilities.cpp | 9 +++++++++
 2 files changed, 18 insertions(+)
diff --git a/src/coreclr/nativeaot/Runtime/clrgc.enabled.cpp b/src/coreclr/nativeaot/Runtime/clrgc.enabled.cpp
index c552db3f494a5..678242e31cf2f 100644
--- a/src/coreclr/nativeaot/Runtime/clrgc.enabled.cpp
+++ b/src/coreclr/nativeaot/Runtime/clrgc.enabled.cpp
@@ -120,6 +120,15 @@ HRESULT GCHeapUtilities::InitializeStandaloneGC()
 NewArrayHolder moduleNameHolder(moduleName);
 if (!modulePath)
 {
+ //
+ // This is not a security feature.
+ // The libFileName originates either from an environment variable or from the runtimeconfig.json
+ // These are trusted locations, and therefore even if it is a relative path, there is no security risk.
+ //
+ // However, users often don't know the absolute path to their coreclr module, especially on production.
+ // Therefore we allow referencing it from an arbitrary location through libFilePath instead. Users, however
+ // are warned that they should keep the file in a secure location such that it cannot be tampered.
+ //
 if (!ValidateModuleName(moduleName))
 {
 LOG((LF_GC, LL_FATALERROR, "GC initialization failed to load the Standalone GC library.\n"));
diff --git a/src/coreclr/vm/gcheaputilities.cpp b/src/coreclr/vm/gcheaputilities.cpp
index 618d9f6a8b722..2f588ae6bdaec 100644
--- a/src/coreclr/vm/gcheaputilities.cpp
+++ b/src/coreclr/vm/gcheaputilities.cpp
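Review bot: The comment added in InitializeStandaloneGC refers to `libFileName` and `libFilePath`, but the lines visible in this hunk use `moduleName` and `modulePath`, so a reader cannot map the comment onto the check directly below it; it reads as copied unchanged from the gcheaputilities.cpp hunk. Use the local names, for example `// moduleName originates either from an environment variable or from runtimeconfig.json.` and `// ... referencing it from an arbitrary location through modulePath instead.` The comment also only says what `ValidateModuleName` is not; one sentence stating what the check is for would help here and in the LoadStandaloneGc hunk. The function body starts and ends outside the hunk, so where the two variables are populated is not visible here.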
@@ -171,6 +171,15 @@ HMODULE LoadStandaloneGc(LPCWSTR libFileName, LPCWSTR libFilePath)
 return CLRLoadLibrary(libFilePath);
 }
+ //
+ // This is not a security feature.
+ // The libFileName originates either from an environment variable or from the runtimeconfig.json
+ // These are trusted locations, and therefore even if it is a relative path, there is no security risk.
+ //
+ // However, users often don't know the absolute path to their coreclr module, especially on production.
+ // Therefore we allow referencing it from an arbitrary location through libFilePath instead. Users, however
+ // are warned that they should keep the file in a secure location such that it cannot be tampered.
+ //
 if (!ValidateModuleName(libFileName))
 {
 LOG((LF_GC, LL_INFO100, "Invalid GC name found %s\n", libFileName));
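Review bot: "Users, however are warned" does not say where that warning lives, yet the comment's trust argument depends on it: the `return CLRLoadLibrary(libFilePath);` branch just above loads whatever file the path names, so write protection on that location is the only safeguard a maintainer can point to. Reference the documentation that carries the warning, for example `// See <link to the GC configuration documentation> for the requirement to keep the file in a protected location.`, and finish the last clause as `such that it cannot be tampered with.` It would also help to spell out the assumption behind "trusted locations", presumably that anyone able to set the environment variable or edit runtimeconfig.json already controls what the process runs. LoadStandaloneGc starts and ends outside the hunk.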