[Mono-list] VFAT vs Unix filesystems...
Piers Haken
piersh@friskit.com
Wed, 8 Jan 2003 20:13:11 -0800
This is a multi-part message in MIME format.
------_=_NextPart_001_01C2B795.6C84A47C
Content-Type: text/plain;
charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Im not sure this is really a problem. I just compiled an EXE on my .NET
box using csc like this:
csc test.cs /r:system.xml.dll
Notice the lower-case reference.
The resulting EXE contained the string 'System.Xml' but did NOT contain
the string 'system.xml' so apparently csc corrects the case for imports.
As long as the DLLs that mono ships are the same case as the MS ones
then everything should just work fine.
Piers.
> -----Original Message-----
> From: Jaroslaw Kowalski [mailto:jarek@atm.com.pl]=20
> Sent: Wednesday, January 08, 2003 4:10 PM
> To: Juli Mallett; Simon Waite
> Cc: Mono List
> Subject: Re: [Mono-list] VFAT vs Unix filesystems...
>=20
>=20
> My 0.02 (again, sorry)
>=20
> Some posts ago I mentioned the problem with http:// which you=20
> cannot reliably solve on the client side (e.g by telling mono=20
> to try all possible combinations of upper- and lowercase=20
> letters forming assembly name - there's simply too many of=20
> them). When you're on your local FS, this may do, but not on=20
> the network (we all love download-on-demand, don't we?).
>=20
> I think that the best thing one can do is to ignore the=20
> problem and force application developers to write their code=20
> using correct case for dll names.
>=20
> Another (not so good, IMHO) idea is to add a system-defined=20
> lookup table (an alias file) that defines classes of=20
> abstraction, where spelling is likely to vary among programs, like:
>=20
> { System.Xml.dll, System.XML.dll, system.xml.dll }
> { Mono.Data.PostgreSqlClient.dll, Mono.Data.PostgresqlClient.dll }
>=20
> Third one (which I like least) is some machine-wide option to=20
> force some style of filename casing. Possible values could be:
>=20
> mono.data.postgresqlclient.dll - all lowercase=20
> Mono.Data.Postgresqlclient.dll - Pascal casing=20
> MONO.DATA.POSTGRESQLCLIENT.DLL - all uppercase (ouch!)
>=20
> I wouldn't go any further because it may introduce serious=20
> versioning or even security problems as mentioned by some of=20
> you. In other words. Assembly lookup should be as strict as possible.
>=20
> Jarek
>=20
> ----- Original Message -----
> From: "Juli Mallett" <jmallett@freebsd.org>
> To: "Simon Waite" <simon@psionics.demon.co.uk>
> Cc: "Mono List" <mono-list@ximian.com>
> Sent: Thursday, January 09, 2003 12:30 AM
> Subject: Re: [Mono-list] VFAT vs Unix filesystems...
>=20
>=20
> > * De: Simon Waite <simon@psionics.demon.co.uk> [ Data:=20
> 2003-01-08 ] [=20
> > Subjecte: Re: [Mono-list] VFAT vs Unix filesystems... ]
> > > I maintain the premise that dumbing down the DLL search=20
> method is a=20
> > > "Bad Idea"(tm) - depending on which strategy you use to lookup=20
> > > MyAssembly.dll.
> > >
> > > For instance a malicious user could insert MYASSEMBLY.DLL=20
> into the=20
> > > search path, and override the assembly the app is taking.=20
> - Possibly=20
> > > with disasterous concequences.
> >
> > If your search path is vulnerable in this way, there are=20
> most likely=20
> > other things they can do, and if not then there may be at=20
> some point.
> >
> > The security concerns for data files are the only ones=20
> vaguely real,=20
> > since using /tmp for this sort of thing may be valid.
> >
> > juli.
> > --
> > Juli Mallett <jmallett@FreeBSD.org>
> > AIM: BSDFlata -- IRC: juli on EFnet.
> > OpenDarwin, Mono, FreeBSD Developer.
> > ircd-hybrid Developer, EFnet addict.
> > FreeBSD on MIPS-Anything on FreeBSD.
> >
> > _______________________________________________
> > Mono-list maillist - Mono-list@ximian.com=20
> > http://lists.ximian.com/mailman/listinfo/mono-list
> >
>=20
>=20
> _______________________________________________
> Mono-list maillist - Mono-list@ximian.com=20
> http://lists.ximian.com/mailman/listinfo/mono-list
>=20
------_=_NextPart_001_01C2B795.6C84A47C
Content-Type: text/html;
charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; =
charset=3Dus-ascii">
<META NAME=3D"Generator" CONTENT=3D"MS Exchange Server version =
6.0.4417.0">
<TITLE>RE: [Mono-list] VFAT vs Unix filesystems...</TITLE>
</HEAD>
<BODY>
<!-- Converted from text/plain format -->
<P><FONT SIZE=3D2>Im not sure this is really a problem. I just compiled =
an EXE on my .NET box using csc like this:</FONT>
</P>
<P> <FONT SIZE=3D2>csc test.cs =
/r:system.xml.dll</FONT>
</P>
<P><FONT SIZE=3D2>Notice the lower-case reference.</FONT>
</P>
<P><FONT SIZE=3D2>The resulting EXE contained the string 'System.Xml' =
but did NOT contain the string 'system.xml' so apparently csc corrects =
the case for imports.</FONT></P>
<P><FONT SIZE=3D2>As long as the DLLs that mono ships are the same case =
as the MS ones then everything should just work fine.</FONT>
</P>
<P><FONT SIZE=3D2>Piers.</FONT>
</P>
<P><FONT SIZE=3D2>> -----Original Message-----</FONT>
<BR><FONT SIZE=3D2>> From: Jaroslaw Kowalski [<A =
HREF=3D"mailto:jarek@atm.com.pl">mailto:jarek@atm.com.pl</A>] </FONT>
<BR><FONT SIZE=3D2>> Sent: Wednesday, January 08, 2003 4:10 PM</FONT>
<BR><FONT SIZE=3D2>> To: Juli Mallett; Simon Waite</FONT>
<BR><FONT SIZE=3D2>> Cc: Mono List</FONT>
<BR><FONT SIZE=3D2>> Subject: Re: [Mono-list] VFAT vs Unix =
filesystems...</FONT>
<BR><FONT SIZE=3D2>> </FONT>
<BR><FONT SIZE=3D2>> </FONT>
<BR><FONT SIZE=3D2>> My 0.02 (again, sorry)</FONT>
<BR><FONT SIZE=3D2>> </FONT>
<BR><FONT SIZE=3D2>> Some posts ago I mentioned the problem with <A =
HREF=3D"http://">http://</A> which you </FONT>
<BR><FONT SIZE=3D2>> cannot reliably solve on the client side (e.g by =
telling mono </FONT>
<BR><FONT SIZE=3D2>> to try all possible combinations of upper- and =
lowercase </FONT>
<BR><FONT SIZE=3D2>> letters forming assembly name - there's simply =
too many of </FONT>
<BR><FONT SIZE=3D2>> them). When you're on your local FS, this may =
do, but not on </FONT>
<BR><FONT SIZE=3D2>> the network (we all love download-on-demand, =
don't we?).</FONT>
<BR><FONT SIZE=3D2>> </FONT>
<BR><FONT SIZE=3D2>> I think that the best thing one can do is to =
ignore the </FONT>
<BR><FONT SIZE=3D2>> problem and force application developers to =
write their code </FONT>
<BR><FONT SIZE=3D2>> using correct case for dll names.</FONT>
<BR><FONT SIZE=3D2>> </FONT>
<BR><FONT SIZE=3D2>> Another (not so good, IMHO) idea is to add a =
system-defined </FONT>
<BR><FONT SIZE=3D2>> lookup table (an alias file) that defines =
classes of </FONT>
<BR><FONT SIZE=3D2>> abstraction, where spelling is likely to vary =
among programs, like:</FONT>
<BR><FONT SIZE=3D2>> </FONT>
<BR><FONT SIZE=3D2>> { System.Xml.dll, System.XML.dll, system.xml.dll =
}</FONT>
<BR><FONT SIZE=3D2>> { Mono.Data.PostgreSqlClient.dll, =
Mono.Data.PostgresqlClient.dll }</FONT>
<BR><FONT SIZE=3D2>> </FONT>
<BR><FONT SIZE=3D2>> Third one (which I like least) is some =
machine-wide option to </FONT>
<BR><FONT SIZE=3D2>> force some style of filename casing. Possible =
values could be:</FONT>
<BR><FONT SIZE=3D2>> </FONT>
<BR><FONT SIZE=3D2>> mono.data.postgresqlclient.dll - all lowercase =
</FONT>
<BR><FONT SIZE=3D2>> Mono.Data.Postgresqlclient.dll - Pascal casing =
</FONT>
<BR><FONT SIZE=3D2>> MONO.DATA.POSTGRESQLCLIENT.DLL - all uppercase =
(ouch!)</FONT>
<BR><FONT SIZE=3D2>> </FONT>
<BR><FONT SIZE=3D2>> I wouldn't go any further because it may =
introduce serious </FONT>
<BR><FONT SIZE=3D2>> versioning or even security problems as =
mentioned by some of </FONT>
<BR><FONT SIZE=3D2>> you. In other words. Assembly lookup should be =
as strict as possible.</FONT>
<BR><FONT SIZE=3D2>> </FONT>
<BR><FONT SIZE=3D2>> Jarek</FONT>
<BR><FONT SIZE=3D2>> </FONT>
<BR><FONT SIZE=3D2>> ----- Original Message -----</FONT>
<BR><FONT SIZE=3D2>> From: "Juli Mallett" =
<jmallett@freebsd.org></FONT>
<BR><FONT SIZE=3D2>> To: "Simon Waite" =
<simon@psionics.demon.co.uk></FONT>
<BR><FONT SIZE=3D2>> Cc: "Mono List" =
<mono-list@ximian.com></FONT>
<BR><FONT SIZE=3D2>> Sent: Thursday, January 09, 2003 12:30 AM</FONT>
<BR><FONT SIZE=3D2>> Subject: Re: [Mono-list] VFAT vs Unix =
filesystems...</FONT>
<BR><FONT SIZE=3D2>> </FONT>
<BR><FONT SIZE=3D2>> </FONT>
<BR><FONT SIZE=3D2>> > * De: Simon Waite =
<simon@psionics.demon.co.uk> [ Data: </FONT>
<BR><FONT SIZE=3D2>> 2003-01-08 ] [ </FONT>
<BR><FONT SIZE=3D2>> > Subjecte: Re: [Mono-list] VFAT vs Unix =
filesystems... ]</FONT>
<BR><FONT SIZE=3D2>> > > I maintain the premise that dumbing =
down the DLL search </FONT>
<BR><FONT SIZE=3D2>> method is a </FONT>
<BR><FONT SIZE=3D2>> > > "Bad Idea"(tm) - depending =
on which strategy you use to lookup </FONT>
<BR><FONT SIZE=3D2>> > > MyAssembly.dll.</FONT>
<BR><FONT SIZE=3D2>> > ></FONT>
<BR><FONT SIZE=3D2>> > > For instance a malicious user could =
insert MYASSEMBLY.DLL </FONT>
<BR><FONT SIZE=3D2>> into the </FONT>
<BR><FONT SIZE=3D2>> > > search path, and override the assembly =
the app is taking. </FONT>
<BR><FONT SIZE=3D2>> - Possibly </FONT>
<BR><FONT SIZE=3D2>> > > with disasterous concequences.</FONT>
<BR><FONT SIZE=3D2>> ></FONT>
<BR><FONT SIZE=3D2>> > If your search path is vulnerable in this =
way, there are </FONT>
<BR><FONT SIZE=3D2>> most likely </FONT>
<BR><FONT SIZE=3D2>> > other things they can do, and if not then =
there may be at </FONT>
<BR><FONT SIZE=3D2>> some point.</FONT>
<BR><FONT SIZE=3D2>> ></FONT>
<BR><FONT SIZE=3D2>> > The security concerns for data files are =
the only ones </FONT>
<BR><FONT SIZE=3D2>> vaguely real, </FONT>
<BR><FONT SIZE=3D2>> > since using /tmp for this sort of thing may =
be valid.</FONT>
<BR><FONT SIZE=3D2>> ></FONT>
<BR><FONT SIZE=3D2>> > juli.</FONT>
<BR><FONT SIZE=3D2>> > --</FONT>
<BR><FONT SIZE=3D2>> > Juli Mallett =
<jmallett@FreeBSD.org></FONT>
<BR><FONT SIZE=3D2>> > AIM: BSDFlata -- IRC: juli on EFnet.</FONT>
<BR><FONT SIZE=3D2>> > OpenDarwin, Mono, FreeBSD Developer.</FONT>
<BR><FONT SIZE=3D2>> > ircd-hybrid Developer, EFnet addict.</FONT>
<BR><FONT SIZE=3D2>> > FreeBSD on MIPS-Anything on FreeBSD.</FONT>
<BR><FONT SIZE=3D2>> ></FONT>
<BR><FONT SIZE=3D2>> > =
_______________________________________________</FONT>
<BR><FONT SIZE=3D2>> > Mono-list maillist - =
Mono-list@ximian.com </FONT>
<BR><FONT SIZE=3D2>> > <A =
HREF=3D"http://lists.ximian.com/mailman/listinfo/mono-list">http://lists.=
ximian.com/mailman/listinfo/mono-list</A></FONT>
<BR><FONT SIZE=3D2>> ></FONT>
<BR><FONT SIZE=3D2>> </FONT>
<BR><FONT SIZE=3D2>> </FONT>
<BR><FONT SIZE=3D2>> =
_______________________________________________</FONT>
<BR><FONT SIZE=3D2>> Mono-list maillist - =
Mono-list@ximian.com </FONT>
<BR><FONT SIZE=3D2>> <A =
HREF=3D"http://lists.ximian.com/mailman/listinfo/mono-list">http://lists.=
ximian.com/mailman/listinfo/mono-list</A></FONT>
<BR><FONT SIZE=3D2>> </FONT>
</P>
</BODY>
</HTML>
------_=_NextPart_001_01C2B795.6C84A47C--