[Mono-dev] The State Of Mono Assembly Verification?

Jim Purbrick jimpurbrick at yahoo.co.uk
Thu Feb 2 16:47:46 EST 2006

Sounds good!

This is the way we'd ideally like to be able to use
the verifier: call an API from the process which
embeds mono to check the verifiability of an assembly.
If the assembly passes the test we store it as an
asset and allow it to be loaded. If it fails the test
we delete it.

It might also make contributing to complete the
verifier, or reasoning about the completeness of the
verifier easier if it is independent of other code
like the JIT.



--- Miguel de Icaza <miguel at ximian.com> wrote:

> Hello,
>
> > IMHO, verification should be kept separate from the JIT. The job of the JIT is
> > to generate machine code _fast_, while the goal of the verifier is to
> > be _secure_.
> > Mixing the two would probably lead to a JIT which wasn't very fast, and it
> > wasn't very secure either. 'We are missing some checks' is a far cry
> > from security.
>
> What about this plan:
>
> 	* Introduce an API in the runtime that verifies an assembly.
> 	* The API can be invoked from a tool, we already have pedump
> 	  --verify.
> 	* This API could be exposed to those that do not want to call
> 	  an external process to verify.
>
> The API would not be part of the standard JIT processing time, thus we
> avoid the performance penalty at JIT time.
>
> Microsoft does this: their runtime does a few checks, but not all the
> checks that are done by peverify.  Their runtime will happily run
> invalid code (storing one kind of pointer into a different kind of
> variable).
>
> I wonder when verification is done in the MS runtime for untrusted code
> though.
>
> Miguel

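The store-or-delete flow described in this message, as an added shell example that is not code from the thread or from Mono. The function name `ingest_assembly`, the `VERIFY_CMD` variable, the `--verify all` argument form and the reliance on a non-zero exit status for unverifiable input are assumptions; substitute whatever verifier invocation the local build provides.

```shell
#!/bin/sh
# Added example: verify-before-store gate for uploaded assemblies.
# VERIFY_CMD is an assumption: any command that exits 0 only for a
# verifiable assembly can be substituted for the default below.
VERIFY_CMD=${VERIFY_CMD:-"pedump --verify all"}

# ingest_assembly UPLOAD STORE_DIR
# Returns 0 and stores the file if it verifies; otherwise deletes it
# and returns 1.
ingest_assembly() {
    upload=$1
    store=$2
    mkdir -p "$store/.quarantine" || return 1
    # Work on a private copy so the bytes verified are the bytes stored.
    q=$(mktemp "$store/.quarantine/asm.XXXXXX") || return 1
    if ! cp -- "$upload" "$q"; then
        rm -f -- "$q"
        return 1
    fi
    rm -f -- "$upload"

    # Fail closed: a missing verifier, a crash or any non-zero status rejects.
    if $VERIFY_CMD "$q" >/dev/null 2>&1; then
        chmod 0444 "$q"
        # Same filesystem, so mv is an atomic rename into the loadable set.
        mv -- "$q" "$store/${upload##*/}"
        return 0
    fi
    rm -f -- "$q"
    return 1
}
```

The loader should only ever read from `STORE_DIR` itself, never from the `.quarantine` subdirectory or the upload location.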