[Mono-dev] The State Of Mono Assembly Verification?
Paolo Molaro
lupus at ximian.com
Fri Feb 3 06:31:32 EST 2006
On 02/02/06 Sebastien Pouliot wrote:
[...]
Excellent mail Sebastien.
Just giving a summary for lazy people.
*) We have plans to make mono execute untrusted code.
*) The more contributions we get in this area, the faster
we'll reach our common goal.
*) Security is tricky, 1 single bug is enough to have no-security
whatsoever.
*) If someone waits for the complete secure code before contributing,
he won't have any code to contribute, so better start sooner:-)
*) We won't give any warranty until the code is complete and
an audit has been done by multiple people with no bugs found.
*) If you need an assurance for a subset of tests, we could give it,
just remember that this doesn't make the complete test case secure.
Example: we can guarantee that a subset of IL code is safe to execute,
this is not hard and can be done in relatively short time.
What matters if this IL subset if sufficient for your needs and
that this doesn'ìt imply that things outside the IL code (such as the
metadata etc are safe).
lupus
--
-----------------------------------------------------------------
lupus at debian.org debian/rules
lupus at ximian.com Monkeys do it better
More information about the Mono-devel-list
mailing list