[Mono-dev] Mono and medium trust

quandary quandary82 at hailmail.net
Sat Sep 3 07:10:49 EDT 2011


>  You could, but this is not how security evolves ;)

xD I know. But for now, a quick and dirty hack is better than half a
year of work.

Looking at:
mono/metadata/loader.c:mono_lookup_pinvoke_call


I just wanted to say that, looking at the source file, this line hurt my
eye:
if (strstr (new_scope, ".dll") == (new_scope + strlen (new_scope) - 4)) {

If you want to check whether new_scope ends with ".dll", I wouldn't do a
strstr.

I did this one in an aimbot of mine, like this:
if ( (urth_aimAtHead.integer != 0) )
     bHeadInModel = (strstr(modelName, "head")) || (strstr(modelName, "helmet")) ;

and when I started the program with this modification (as opposed to
without this modification), you just heard the fan start going (every
time), as well as a very obvious CPU-performance related lagging.

I realized I could replace strstr when I just took the ending of the
full model name, added a strrcmp instead of strstr. So strstr(modelName,
"head") became !strrcmp(modelName, "head.md3").
And my performance problems were gone, and the fan stopped immediately.

This is the strrcmp function I used (originating from BSD libc extensions,
BSD license):

#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* Returns true when chrptr_SearchIn ends with chrptr_SearchFor. */
bool strrcmp(const char* chrptr_SearchIn, const char* chrptr_SearchFor)
{
    size_t szeSearchInLength  = strlen(chrptr_SearchIn) ;
    size_t szeSearchForLength = strlen(chrptr_SearchFor) ;

    /* A suffix longer than the string itself can never match. */
    if (szeSearchForLength > szeSearchInLength)
        return false ;

    /* Compare only the tail of the string against the suffix. */
    if (memcmp(chrptr_SearchIn + szeSearchInLength - szeSearchForLength,
               chrptr_SearchFor, szeSearchForLength))
        return false ;
    else
        return true ;
}
On 09/02/2011 06:05 PM, Robert Jordan wrote:
> On 02.09.2011 17:29, quandary82 wrote:
>> Couldn't I hack together my own custom mono-runtime version, to block
>> DllImport for all dll's that are not in an allowed-dlls list and
>> System.Diagnostics.Process.Start as well ? 
> You could, but this is not how security evolves ;)
>> System.Diagnostics.Process would be in the mcs class library, but where is 
> Starting processes can be prevented with SELinux or AppArmor.
>> DllImport ? Is it just an attribute ? I suppose there is a wrapper
>> around dlopen/LoadLibrary somewhere ? 
> DllImport is special. A good place to block p/invokes is:
> mono/metadata/loader.c:mono_lookup_pinvoke_call There you can look
> from which assemblies the pinvoke comes from etc. Robert
> _______________________________________________ Mono-devel-list
> mailing list Mono-devel-list at lists.ximian.com
> http://lists.ximian.com/mailman/listinfo/mono-devel-list
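Added example (not code from the thread, Mono, or loader.c): the two ways of
testing for a ".dll" suffix discussed above, side by side, plus a small
allowlist gate of the kind the original question asks about. The strstr-based
test mirrors the quoted loader.c line and answers wrongly for a name such as
"x.dll.dll", because strstr returns the first occurrence, not the last. The
allowlist contents, the 255-byte name limit and the function names
(has_dll_suffix_strstr, ends_with, pinvoke_scope_allowed) are assumptions made
for the example; none of them exist in Mono.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Suffix test written the way the quoted loader.c line does it: the FIRST
 * occurrence of ".dll" must sit exactly four bytes before the terminator. */
bool has_dll_suffix_strstr(const char *scope)
{
    size_t n = strlen(scope);
    if (n < 4)
        return false;           /* never form a pointer before the buffer */
    return strstr(scope, ".dll") == scope + n - 4;
}

/* Length-based suffix test: two strlen calls and one memcmp of the tail, so
 * the result depends on the end of the string only, not on where the first
 * occurrence of the suffix happens to be. */
bool ends_with(const char *s, const char *suffix)
{
    size_t n = strlen(s), m = strlen(suffix);
    if (m > n)
        return false;
    return memcmp(s + n - m, suffix, m) == 0;
}

/* Constructed allowlist for the "only these libraries may be p/invoked" idea
 * from the thread. Entries are stored without a ".dll" suffix so that a
 * caller writing "kernel32" and one writing "kernel32.dll" are treated alike. */
static const char *const allowed_scopes[] = { "libc", "kernel32", "user32" };

/* Copy the scope into out, dropping one trailing ".dll". Over-long names are
 * rejected rather than truncated, so a truncated name can never match. */
static bool normalise_scope(const char *scope, char *out, size_t outsz)
{
    size_t n = strlen(scope);
    if (n >= outsz)
        return false;
    memcpy(out, scope, n + 1);
    if (ends_with(out, ".dll"))
        out[n - 4] = '\0';
    return true;
}

/* True when the normalised scope is on the allowlist. Exact match only, so
 * "kernel32.dll.dll" or "../kernel32" are rejected. */
bool pinvoke_scope_allowed(const char *scope)
{
    char name[256];
    if (!normalise_scope(scope, name, sizeof name))
        return false;
    for (size_t i = 0; i < sizeof allowed_scopes / sizeof allowed_scopes[0]; i++)
        if (strcmp(name, allowed_scopes[i]) == 0)
            return true;
    return false;
}

int main(void)
{
    /* Constructed sample names, including the case the strstr test gets wrong. */
    const char *samples[] = { "kernel32.dll", "x.dll.dll", "libc", "libevil.dll" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-14s strstr=%d ends_with=%d allowed=%d\n", samples[i],
               has_dll_suffix_strstr(samples[i]),
               ends_with(samples[i], ".dll"),
               pinvoke_scope_allowed(samples[i]));
    return 0;
}
```

The allowlist compares whole names after normalisation, not substrings or
prefixes, which is what makes it a usable gate: a substring test in its place
would accept anything that merely contains an allowed name.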
