[Mono-dev] Running untrusted code

Nican nican132 at gmail.com
Wed Jan 22 04:01:53 UTC 2014


Hello,

I have worked over the past months, as a side project, on implementing Mono
unto the Source Engine, https://github.com/Nican/SharpMod .

One of the features of the project is being able for the server to run
untrusted code on the client machine. From my understanding, Mono provides
a sandboxed environment, http://www.mono-project.com/MonoSandbox, and while
it seems to stop some possible malicious behavior, such as P/Invokes, it
does not seem to stop the untrusted code from performing IO operations,
such as reading a file on my desktop, and other potentially malicious
operations.

Moonlight and Unity seems to perform some kind of code auditing, (
https://github.com/Unity-Technologies/monobuildtools/tree/master/tuning,
https://github.com/mono/moon/tree/master/class/tuning), but I can not
understand how those tools are being used.

Could anyone point me in the direction on how to better trust running
untrusted code?

Cheers,
Nican.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ximian.com/pipermail/mono-devel-list/attachments/20140121/9ba37ddd/attachment.html>


More information about the Mono-devel-list mailing list