[Mono-list] Implementing "sandbox" security using Mono

Stuart Ballard sballard@netreach.com
Tue, 20 Apr 2004 10:38:04 -0400

In NRobot, I have a pressing need for a security architecture: something 
that prevents robots from running with full privileges, since in the 
general case you can't trust the source of all the robots you might want 
to compete against.

Basically, I want to provide the same level of security that Applets 
have in Java - a "sandbox" in which they can run, without being able to 
do anything dangerous like access the filesystem or network (except, 
perhaps, in limited ways that I specify).

I have two problems when it comes to implementing this: Firstly, I 
really don't understand the .NET security architecture well enough to 
know how it's supposed to be tackled, and secondly, I don't know how 
much of the necessary stuff is implemented in Mono.

My understanding so far is that either Code Access Security (CAS) or 
AppDomains, or both, are what I need. But I don't understand either of 
them well enough to know how they help me. I'm pretty sure I need 
AppDomains anyway because I want to be able to unload, or at least 
forget about, loaded robot DLLs in order to start a new game with an 
updated copy, without closing the host process. But I'm not sure whether 
AppDomains by themselves give me the sandbox security I'm after, or how 
I'm supposed to talk to the loaded DLLs across an AppDomain boundary.

I've also heard that CAS isn't implemented (fully? at all?) in Mono, and 
that currently Mono has problems with AppDomain unloading. But I don't 
know what the current state is, how badly they affect my needs, or how 
soon they are expected to be fully complete. The Mono roadmap paints a 
depressing picture of Mono's CAS capabilities - is that still true? And 
are there any workarounds?

Thanks for any advice you can give me,


Stuart Ballard, Senior Web Developer
NetReach, Inc.
(215) 283-2300, ext. 126