[Mono-dev] The State Of Mono Assembly Verification?
Jim Purbrick
jimpurbrick at yahoo.co.uk
Thu Feb 16 16:28:05 EST 2006
OK, I've uploaded a first batch of ~230
verifier tests based on ECMA-335 III here:
http://homepage.ntlworld.com/james.purbrick/VerifierTests.tar
I'd appreciate it if you could take a look and let me
know if they look OK, especially the III,3.1 and
III,3.3 tests which I'll mechanically copy and modify
to make most of the remaining tests. Feel free to
contribute tests of your own though, the README lists
tests that are missing for the ECMA sections that I've
started working on and lists rules I'm not too clear
on.
Most of these tests assemble with both Mono and MS
ILASM except in the cases where the CIL is so borked
that it doesn't make sense (I've left these tests in
for completeness though).
Happily most of the tests are caught by the Mono
runtime which reports that invalid CIL has been found
and aborts (Mono 1.1.13). There are cases that cause
the runtime to crash and others which just run
silently though.
I hope they look OK,
Cheers,
Jim/Babbage.
--- Paolo Molaro <lupus at ximian.com> wrote:
> On 02/02/06 Sebastien Pouliot wrote:
> [...]
>
> Excellent mail Sebastien.
> Just giving a summary for lazy people.
>
> *) We have plans to make mono execute untrusted
> code.
> *) The more contributions we get in this area, the
> faster
> we'll reach our common goal.
> *) Security is tricky, 1 single bug is enough to
> have no-security
> whatsoever.
> *) If someone waits for the complete secure code
> before contributing,
> he won't have any code to contribute, so better
> start sooner:-)
> *) We won't give any warranty until the code is
> complete and
> an audit has been done by multiple people with no
> bugs found.
> *) If you need an assurance for a subset of tests,
> we could give it,
> just remember that this doesn't make the complete
> test case secure.
> Example: we can guarantee that a subset of IL code
> is safe to execute,
> this is not hard and can be done in relatively short
> time.
> What matters if this IL subset if sufficient for
> your needs and
> that this doesn'ìt imply that things outside the IL
> code (such as the
> metadata etc are safe).
>
> lupus
___________________________________________________________
Yahoo! Photos NEW, now offering a quality print service from just 8p a photo http://uk.photos.yahoo.com
More information about the Mono-devel-list
mailing list