[Mono-devel-list] Code Access Security - Initial thought
vargaz at freemail.hu
Thu Dec 18 15:20:47 EST 2003
Be advised that implementing CAS makes little sense
a security audit of the runtime and the class libraries.
runtime is not very secure, i.e. it does little validation
of the loaded
assemblies, there is no mechanism for handling stack
Ben <benjaminwootton at hotpop.com> írta:
> Here are my very early thoughts on how code access
security would be
> 1. Start off by specifying permission request/denials
> attributes) at the assembly level.
> 2. The assembly metadata is checked at load time.
Requests for certain
> permissions, such as LinkDemand, will be made here.
> 3. When other demands are made, the we call into the
runtime and asks for
> permissions for each item on the call stack. Initially,
all requests are
> accepted. It's then a matter of discussing how to
distinguish code based
> on evidence, administrator defined code groups etc. This
logic can then be
> reponsible for throwing any exceptions on faliures.
> 4. Add the concept of assertions to the stack walking
code, for efficiency.
> Any comments, or pointers to relevant code? I'm still
getting to grips
> with the mono code....
> Mono-devel-list mailing list
> Mono-devel-list at lists.ximian.com
More information about the Mono-devel-list