[Mono-dev] Mono sandbox is not verifying on load

[Robert Jordan]

On 04.05.2010 18:48, Pete Forman wrote:
> I would like to verify all byte code when it is loaded into embedded
> Mono. Verification has been turned on using
> mono_security_enable_core_clr() but that is only performing
> verification when the code is executed.
>
> My test cases are based on some working code that has been
> disassembled to IL. An 'add' instruction without any preceding loads
> is inserted into (case A) the constructor or (case B) another method.
> It is expected that "System.InvalidProgramException: Stack underflow,
> required 2, but have 0 at 0x0000" be thrown.
>
> Case A does produce the exception as the object is constructed when I
> load the assembly.
>
> Case B does not produce the exception when I load it. It does when the
> hacked method is called.
>
> pedump successfully identifies the errors in both cases (as does
> peverify in .Net).

mono_security_enable_core_clr() is not intended to start
a full IL validation. It rather ensures that the verifier
will detect whether the assembly is verifiable, i.e.
it won't crash later on during the IL validation that will
be performed lazily (JIT-driven) at runtime.

OTOH, pedump & peverify are not JIT-driven. They are eagerly
IL-validating every method.

If you need this functionality, then have a look at
how metadata/peverify.c is iterating over the methods
while invoking the verifier on each one.

Robert