[Mono-dev] Mono and medium trust
Robert Jordan
robertj at gmx.net
Fri Sep 2 12:05:19 EDT 2011

On 02.09.2011 17:29, quandary82 wrote:
> Couldn't I hack together my own custom mono-runtime version, to block
> DllImport for all DLLs that are not in an allowed-dlls list and
> System.Diagnostics.Process.Start as well?

You could, but this is not how security evolves ;)

> System.Diagnostics.Process would be in the mcs class library, but where is

Starting processes can be prevented with SELinux or AppArmor.

> DllImport?
> Is it just an attribute?
> I suppose there is a wrapper around dlopen/LoadLibrary somewhere?

DllImport is special.
A good place to block p/invokes is:

mono/metadata/loader.c:mono_lookup_pinvoke_call

There you can look at which assemblies the pinvoke comes from, etc.

Robert
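
The allow-list decision discussed in this thread, keyed on the calling assembly and the requested library, as an added example that is not Mono code and not part of the original message. `pinvoke_allowed`, `normalize_lib` and the policy entries are hypothetical names and constructed sample values; how the hook in `mono_lookup_pinvoke_call` obtains the two strings is not shown.

```c
#include <ctype.h>
#include <string.h>
/* Constructed sample policy ("*" = any assembly). Anything not listed is denied,
 * including "__Internal" (Mono's name for symbols inside the runtime process). */
struct pinvoke_rule { const char *assembly; const char *library; };
static const struct pinvoke_rule allowed[] = {
    { "System.Data", "sqlite3" },
    { "Mono.Posix",  "MonoPosixHelper" },
    { "*",           "libc" },
};
/* Reduce "libsqlite3.so.0", "sqlite3.dll" and "SQLite3.DLL" to "sqlite3" so
 * that spelling variants of one library all hit the same rule. */
static void normalize_lib(const char *in, char *out, size_t n)
{
    static const char *ext[] = { ".dll", ".dylib", ".so" };
    size_t len, i; char *p;
    if (strncmp(in, "lib", 3) == 0) in += 3;
    for (len = 0; in[len] != '\0' && len + 1 < n; len++)
        out[len] = (char)tolower((unsigned char)in[len]);
    out[len] = '\0';
    if ((p = strstr(out, ".so.")) != NULL)   /* drop a version: .so.0 -> .so */
        p[3] = '\0';
    for (i = 0; i < sizeof ext / sizeof ext[0]; i++) {
        size_t e = strlen(ext[i]);
        len = strlen(out);
        if (len > e && strcmp(out + len - e, ext[i]) == 0) {
            out[len - e] = '\0';
            break;
        }
    }
}
/* Returns 1 if `assembly` may p/invoke into `library`, 0 otherwise. */
int pinvoke_allowed(const char *assembly, const char *library)
{
    char want[128], have[128];
    size_t i;
    if (!assembly || !library || strlen(library) >= sizeof want
            || strpbrk(library, "/\\") != NULL)
        return 0;   /* fail closed: bad input, overlong name, explicit path */
    normalize_lib(library, want, sizeof want);
    for (i = 0; i < sizeof allowed / sizeof allowed[0]; i++) {
        normalize_lib(allowed[i].library, have, sizeof have);
        if (strcmp(want, have) == 0 && (strcmp(allowed[i].assembly, "*") == 0
                || strcmp(allowed[i].assembly, assembly) == 0))
            return 1;
    }
    return 0;
}
```

Mono's dllmap configuration can remap library names, so a check like this belongs on the name that is actually about to be loaded, not only on the string in the DllImport attribute.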