[Mono-dev] Mono and medium trust

Robert Jordan robertj at gmx.net
Fri Sep 2 12:05:19 EDT 2011


On 02.09.2011 17:29, quandary82 wrote:
> Couldn't I hack together my own custom mono-runtime version, to block
> DllImport for all DLLs that are not in an allowed-dlls list and
> System.Diagnostics.Process.Start as well?

You could, but this is not how security evolves ;)

> System.Diagnostics.Process would be in the mcs class library, but where is

Starting processes can be prevented with SELinux or AppArmor.

> DllImport?
> Is it just an attribute?
> I suppose there is a wrapper around dlopen/LoadLibrary somewhere?

DllImport is special.

A good place to block p/invokes is:

mono/metadata/loader.c:mono_lookup_pinvoke_call

There you can see which assemblies the pinvoke comes from, etc.

Robert
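
A policy check of the kind that could be called from mono_lookup_pinvoke_call, shown as an added example that is not part of the original message or of Mono's source. The function pinvoke_allowed, the three tables and all their entries are hypothetical, and the caller is assumed to have already extracted the assembly name and the DllImport library string.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical policy tables; every entry is constructed for illustration. */
static const char *const trusted_assemblies[] = { "mscorlib", "System", NULL };
static const char *const allowed_libs[] = { "sqlite3", "gdiplus", NULL };
static const char *const lib_suffixes[] = { ".dll", ".so", ".dylib", NULL };

/* Case-insensitive comparison of the first n bytes of a and b. */
static int eq_nocase(const char *a, const char *b, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (tolower((unsigned char)a[i]) != tolower((unsigned char)b[i]))
            return 0;
    return 1;
}

/* Is the n-byte name s an entry of the NULL-terminated list? */
static int in_list(const char *const *list, const char *s, size_t n)
{
    for (; *list; list++)
        if (strlen(*list) == n && eq_nocase(*list, s, n))
            return 1;
    return 0;
}

/* Returns 1 if a p/invoke declared in `assembly` may bind to the native
 * library named by its DllImport string `scope`, 0 if it must be refused.
 * Matching an assembly by name alone is spoofable; real enforcement needs
 * a stronger identity such as the load path (assumption of this sketch). */
int pinvoke_allowed(const char *assembly, const char *scope)
{
    if (!assembly || !scope || !*scope)
        return 0;
    if (in_list(trusted_assemblies, assembly, strlen(assembly)))
        return 1;
    /* Explicit paths would bypass a name allowlist ("/tmp/sqlite3.so"). */
    if (strpbrk(scope, "/\\"))
        return 0;
    size_t n = strlen(scope);
    /* Strip one platform suffix so "sqlite3.dll" matches "sqlite3". */
    for (const char *const *s = lib_suffixes; *s; s++) {
        size_t k = strlen(*s);
        if (n > k && eq_nocase(scope + n - k, *s, k)) { n -= k; break; }
    }
    return in_list(allowed_libs, scope, n);
}
```

The check fails closed: a missing name, an empty library string or anything not on the list is refused.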


