[Mono-dev] The State Of Mono Assembly Verification?

Miguel de Icaza miguel at ximian.com
Thu Feb 2 16:27:07 EST 2006


>  IMHO, verification should be kept separate from the JIT. The job of the JIT is
> to generate machine code _fast_, while the goal of the verifier is to
> be _secure_.
> Mixing the two would probably lead to a JIT which wasn't very fast, and it
> wasn't very secure either. 'We are missing some checks' is a far cry
> from security.

What about this plan:

	* Introduce an API in the runtime that verifies an assembly.

	* The API can be invoked from a tool, we already have pedump

	* This API could be exposed to those that do not want to call
	  an external process to verify. 

The API would not be part of the standard JIT processing time, thus we
avoid the performance penalty at JIT time.

Microsoft does this: their runtime does a few checks, but not all the
checks that are done by peverify.  Their runtime will happily run
invalid code (storing one kind of pointer into a different kind of

I wonder when verification is done in the MS runtime for untrusted code


More information about the Mono-devel-list mailing list