[Mono-list] Embedding Mono for scripting and sandboxing file access

J Lothian J Lothian <rhalin@gmail.com>
Tue, 8 Feb 2005 17:00:38 -0600


Had a few questions about Mono.  I'm looking to include it in a
cross-platform application to provide scripting for the application's
objects.  My understanding thus far, is that you can load any CIL
compiled code, correct?  Would it just be a matter of including a
compiler as well for whatever language I'd want to support?

App compiles code, app exposes some functions(mono_add_internal_call),
app loads code into mono (mono_jit functions), app calls functions
within script on certain events (mono_runtime_invoke)

Which seems easy enough, if that is in fact how it works.  My major
concern is that scripts being called could be major security risks to
the system they're run on.  I was thinking as a possible solution to
the problem of file IO access, would be to provide a custom
system.io.fileaccess set when I compile the mono library, denying
access to either certain directories, or returning error codes / null
values from the function calls to elimate file access entirely (it
should not be needed for this application, I can provide hardcoded
methods myself if need be).

Since I was planning on the library being linked statically, the
changes would only effect the internal scripts and not any other mono
applications.  Does this sound feasable, am I on the wrong track, or
is there an easier way?  If this does sound feasable (I know its kind
of a long shot) then are there any other libraries I should consider
for this method, or at least look at securing somehow?  I'm open to
any suggestions!

Thanks ahead of time!
-J Lothian