[Mono-dev] Running untrusted code
Nican
nican132 at gmail.com
Wed Jan 22 04:01:53 UTC 2014
Hello,
I have worked over the past months, as a side project, on implementing Mono
unto the Source Engine, https://github.com/Nican/SharpMod .
One of the features of the project is being able for the server to run
untrusted code on the client machine. From my understanding, Mono provides
a sandboxed environment, http://www.mono-project.com/MonoSandbox, and while
it seems to stop some possible malicious behavior, such as P/Invokes, it
does not seem to stop the untrusted code from performing IO operations,
such as reading a file on my desktop, and other potentially malicious
operations.
Moonlight and Unity seems to perform some kind of code auditing, (
https://github.com/Unity-Technologies/monobuildtools/tree/master/tuning,
https://github.com/mono/moon/tree/master/class/tuning), but I can not
understand how those tools are being used.
Could anyone point me in the direction on how to better trust running
untrusted code?
Cheers,
Nican.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ximian.com/pipermail/mono-devel-list/attachments/20140121/9ba37ddd/attachment.html>
More information about the Mono-devel-list
mailing list