[Mono-list] Implementing "sandbox" security using Mono
Tue, 20 Apr 2004 10:38:04 -0400
In NRobot, I have a pressing need for a security architecture: something
that prevents robots from running with full privileges, since in the
general case you can't trust the source of all the robots you might want
to compete against.
Basically, I want to provide the same level of security that Applets
have in Java - a "sandbox" in which they can run, without being able to
do anything dangerous like access the filesystem or network (except,
perhaps, in limited ways that I specify).
I have two problems when it comes to implementing this: Firstly, I
really don't understand the .NET security architecture well enough to
know how it's supposed to be tackled, and secondly, I don't know how
much of the necessary stuff is implemented in Mono.
My understanding so far is that either Code Access Security (CAS) or
AppDomains, or both, are what I need. But I don't understand either of
them well enough to know how they help me. I'm pretty sure I need
AppDomains anyway because I want to be able to unload, or at least
forget about, loaded robot DLLs in order to start a new game with an
updated copy, without closing the host process. But I'm not sure whether
AppDomains by themselves give me the sandbox security I'm after, or how
I'm supposed to talk to the loaded DLLs across an AppDomain boundary.
I've also heard that CAS isn't implemented (fully? at all?) in Mono, and
that currently Mono has problems with AppDomain unloading. But I don't
know what the current state is, how badly they affect my needs, or how
soon they are expected to be fully complete. The Mono roadmap paints a
depressing picture of Mono's CAS capabilities - is that still true? And
are there any workarounds?
Thanks for any advice you can give me,
Stuart Ballard, Senior Web Developer
(215) 283-2300, ext. 126