[Mono-dev] Mono 1.1.17 has been released.
Robert Jordan
robertj at gmx.net
Wed Aug 30 10:40:00 EDT 2006
Sebastien Pouliot wrote:
> On Wed, 2006-08-30 at 14:45 +0200, Robert Jordan wrote:
>
>> About Mono's plugin: w/out a working CAS it's grossly negligent
>> to even think about an implementation that allows the execution
>> of assemblies from untrusted sources. Even if they were signed
>> with God's own key, they still were insecure to execute.
>> Let's not beat this dead horse again.
>
> He's dead Jim... huh I meant, it's not dead yet Robert ;-)
>
> Seriously there are, at least, three reasons to implement this.
>
> First, divide and conquer. It can be done in parallel with the CAS
> implementation (and related tasks). There seems to be little to gain
> from having it without CAS, however there's also little gain in
> completing CAS if there's no applications that can take advantage of it.

Sorry, I exaggerated a little bit. Of course this could
be done in parallel.

> Second, there are scenarios where FullTrust|Nothing is a valid choice.

Indeed, but since we were speaking about a generic browser plugin,
low trust is rather the usual trust level. See JavaScript, Java Plugin,
Flash.

> Company A deploys FireFox (on top of Linux, of course ;-) and a
> mono-plugin configured to accept signed applications (i.e.
> assemblies) from "Company A" only. In this case this is a
> (non-existing) technological choice to deploy corporate
> applications yet it totally avoids the "untrusted source"
> problem.

Ok, that's a subset of the CAS.

> Third, this could be the idea of fun to somebody and I feel obligated to
> encourage such individuals ;-)

Of course. I didn't intend to yell "stop energy" :-)

Robert