[Mono-list] VFAT vs Unix filesystems...
Jaroslaw Kowalski
jarek@atm.com.pl
Thu, 9 Jan 2003 01:10:04 +0100
My 0.02 (again, sorry)
Some posts ago I mentioned the problem with http:// which you cannot
reliably solve on the client side (e.g. by telling mono to
try all possible combinations of upper- and lowercase letters forming
the assembly name - there are simply too many of them). When you're on your local
FS, this may do, but not on the network (we all love download-on-demand,
don't we?).
I think that the best thing one can do is to ignore the problem and force
application developers to write their code using correct case for dll names.
Another (not so good, IMHO) idea is to add a system-defined lookup table (an
alias file) that defines classes of abstraction, where spelling is likely to
vary among programs, like:
{ System.Xml.dll, System.XML.dll, system.xml.dll }
{ Mono.Data.PostgreSqlClient.dll, Mono.Data.PostgresqlClient.dll }
The third one (which I like least) is some machine-wide option to force some
style of filename casing. Possible values could be:
mono.data.postgresqlclient.dll - all lowercase
Mono.Data.Postgresqlclient.dll - Pascal casing
MONO.DATA.POSTGRESQLCLIENT.DLL - all uppercase (ouch!)
I wouldn't go any further because it may introduce serious versioning or
even security problems as mentioned by some of you. In other words, assembly
lookup should be as strict as possible.
Jarek
----- Original Message -----
From: "Juli Mallett" <jmallett@freebsd.org>
To: "Simon Waite" <simon@psionics.demon.co.uk>
Cc: "Mono List" <mono-list@ximian.com>
Sent: Thursday, January 09, 2003 12:30 AM
Subject: Re: [Mono-list] VFAT vs Unix filesystems...
> * From: Simon Waite <simon@psionics.demon.co.uk> [ Date: 2003-01-08 ]
> [ Subject: Re: [Mono-list] VFAT vs Unix filesystems... ]
> > I maintain the premise that dumbing down the DLL search method is a
> > "Bad Idea"(tm) - depending on which strategy you use to lookup
> > MyAssembly.dll.
> >
> > For instance a malicious user could insert MYASSEMBLY.DLL into the
> > search path, and override the assembly the app is taking. - Possibly
> > with disastrous consequences.
>
> If your search path is vulnerable in this way, there are most likely other
> things they can do, and if not then there may be at some point.
>
> The security concerns for data files are the only ones vaguely real, since
> using /tmp for this sort of thing may be valid.
>
> juli.
> --
> Juli Mallett <jmallett@FreeBSD.org>
> AIM: BSDFlata -- IRC: juli on EFnet.
> OpenDarwin, Mono, FreeBSD Developer.
> ircd-hybrid Developer, EFnet addict.
> FreeBSD on MIPS-Anything on FreeBSD.
>
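The override scenario raised in the quoted message, and the strict-lookup position taken in the reply, as an added example (not code from this thread or from Mono). It compares exact-case and case-folded resolution over a search path and reports names that differ only by case; `resolve`, `case_collisions`, `demo` and the `drop`/`app` directories are hypothetical names, and the files are constructed.

```python
import os
import tempfile
from collections import defaultdict

def _dlls(directory):
    """Names of .dll files in directory, spelled as stored on disk."""
    try:
        return sorted(n for n in os.listdir(directory) if n.lower().endswith(".dll"))
    except OSError:
        return []  # missing or unreadable directory contributes nothing

def resolve(name, search_path, strict=True):
    """First match in search-path order; strict requires exact case."""
    for directory in search_path:
        for candidate in _dlls(directory):
            if candidate == name or (not strict and candidate.lower() == name.lower()):
                return os.path.join(directory, candidate)
    return None

def case_collisions(search_path):
    """Map lowercase name -> paths, for names spelled more than one way."""
    groups = defaultdict(list)
    for directory in search_path:
        for name in _dlls(directory):
            groups[name.lower()].append(os.path.join(directory, name))
    return {key: paths for key, paths in groups.items()
            if len({os.path.basename(p) for p in paths}) > 1}

def demo():
    """Constructed layout: a 'drop' directory searched before the app's own."""
    with tempfile.TemporaryDirectory() as root:
        drop, app = os.path.join(root, "drop"), os.path.join(root, "app")
        for directory, filename in ((drop, "MYASSEMBLY.DLL"), (app, "MyAssembly.dll")):
            os.makedirs(directory)
            open(os.path.join(directory, filename), "w").close()
        path = [drop, app]
        rel = lambda p: os.path.relpath(p, root) if p else None
        strict_hit = rel(resolve("MyAssembly.dll", path))
        folded_hit = rel(resolve("MyAssembly.dll", path, strict=False))
        variants = sorted(rel(p) for p in case_collisions(path).get("myassembly.dll", []))
        return strict_hit, folded_hit, variants

if __name__ == "__main__":
    print(demo())
```

Running `case_collisions` over a real search path gives an audit list of assemblies whose resolution would change if lookup were made case-insensitive.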