[Mono-dev] The State Of Mono Assembly Verification?

Miguel de Icaza miguel at ximian.com
Thu Feb 2 16:27:07 EST 2006


Hello,

> IMHO, verification should be kept separate from the JIT. The job of the JIT is
> to generate machine code _fast_, while the goal of the verifier is to
> be _secure_.
> Mixing the two would probably lead to a JIT which wasn't very fast, and it
> wasn't very secure either. 'We are missing some checks' is a far cry
> from security.

What about this plan:

	* Introduce an API in the runtime that verifies an assembly.

	* The API can be invoked from a tool, we already have pedump
	  --verify.

	* This API could be exposed to those that do not want to call
	  an external process to verify.

The API would not be part of the standard JIT processing time, thus we
avoid the performance penalty at JIT time.

Microsoft does this: their runtime does a few checks, but not all the
checks that are done by peverify.  Their runtime will happily run
invalid code (storing one kind of pointer into a different kind of
variable).

I wonder when verification is done in the MS runtime for untrusted code
though.

Miguel
