[Mono-devel-list] mono --security

Sebastien Pouliot sebastien at ximian.com
Mon Jan 24 09:17:22 EST 2005


During the weekend I checked the new --security option for Mono into
SVN. This switch is used to enable the security manager which is, by
default, OFF.

This means it will soon be possible to test _some_ security code, like
CAS permissions, with the runtime. However the permissions checks aren't
yet in the class library so this is currently not supported (and
definitively not helpful for current use).

Speaking of the class library, I'll start adding some permissions
(mainly SecurityPermission) inside corlib this week. Note that this
*shouldn't* affect runtime execution of mono unless you use the
--security option.

In order to build more test cases I'll also try to implements all
security checks in the System.Environment class. Why this one ?

* it's has it's own permission, EnvironmentPermission;
* it has both declarative and imperative security checks;
* it requires other permissions like SecurityPermission (UnmanagedCode)
and FileIOPermission (PathDiscovery);
* it depends on other classes security (e.g. System.IO.Directory for
get/set CurrentDirectory);
* it deals with internal calls (into the runtime);

So it's not an simple one but it will, hopefully, expose some bugs in
the current code and give me some ideas on this (permission spraying)
can be done effectively for the whole class library in the future.

For those interested I'll probably be blogging about this process (the
good, the bad and the ugly) in the next weeks.

Experimenters and comments welcome :-)
Sebastien Pouliot  <sebastien at ximian.com>
blog: http://pages.infinit.net/ctech/poupou.html

More information about the Mono-devel-list mailing list