[Mono-list] Embedding Mono for scripting and sandboxing file access

Sebastien Pouliot spouliot@videotron.ca
Wed, 09 Feb 2005 08:06:40 -0500


Hey!

> Which seems easy enough, if that is in fact how it works.  My major
> concern is that scripts being called could be major security risks to
> the system they're run on.  

Depending on who's providing the script versus who's providing the 
system they sure could be very dangerous.

> I was thinking as a possible solution to
> the problem of file IO access, would be to provide a custom
> system.io.fileaccess set when I compile the mono library, denying
> access to either certain directories, or returning error codes / null
> values from the function calls to eliminate file access entirely (it
> should not be needed for this application, I can provide hardcoded
> methods myself if need be).

This looks a lot like IsolatedStorage (see System.IO.IsolatedStorage 
namespace in mscorlib.dll).

> Since I was planning on the library being linked statically, the
> changes would only effect the internal scripts and not any other mono
> applications.  Does this sound feasible, 

Yes but it may be incomplete. As long as people can either P/Invoke 
unmanaged code, use reflection and/or call into Mono's internal calls
(runtime) the same problem persists (don't take that as an exhaustive
list ;-).

> am I on the wrong track, or is there an easier way?  

This scenario (running partially trusted code) is covered in .NET by
CAS (Code Access Security). You may want to read about this at MSDN.

Mono support for CAS is (very) incomplete at this point. The Mono 1.1.x
branch has _some_ support for it (more in the soon-to-be-released 1.1.4)
but it's still a long way from providing a secure environment to execute
partially trusted code.

But I'm always looking for volunteers to help - either directly in Mono,
or indirectly by writing applications using the features (which could be
very interesting as long as you are not in a hurry to release ;-).

> If this does sound feasible (I know it's kind
> of a long shot) then are there any other libraries I should consider
> for this method, or at least look at securing somehow?  I'm open to
> any suggestions!

There are also other techniques like white-listing, pre-processing 
scripts/compiled assemblies ... but they all have their own drawbacks

> Thanks ahead of time!
> -J Lothian
> _______________________________________________
> Mono-list maillist  -  Mono-list@lists.ximian.com
> http://lists.ximian.com/mailman/listinfo/mono-list
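
The point made above about P/Invoke and reflection is easy to see in code. The
following is an added example, not code from this message or from Mono: a
hypothetical host-side wrapper (ScriptIO) that confines scripts to one directory,
next to a "script" that never touches the wrapper and reads an arbitrary file
anyway, once through libc via P/Invoke and once through reflection on
System.IO.File. The wrapper name, the /tmp/scripts-data directory and the
/etc/hostname target are constructed for the demo; it assumes Linux with glibc and
a current C# compiler, and it leaves out the third route mentioned above (Mono's
internal calls) because those are runtime-specific.

```csharp
using System;
using System.IO;
using System.Reflection;
using System.Runtime.InteropServices;
using System.Text;

// Hypothetical host-side file API (added example): the only file access the
// host *intends* scripts to have. Paths are confined to one directory.
static class ScriptIO
{
    // Constructed path; a real host would pick its own data directory.
    static readonly string Allowed =
        Path.GetFullPath("/tmp/scripts-data") + Path.DirectorySeparatorChar;

    public static string ReadAllowed(string relative)
    {
        string full = Path.GetFullPath(Path.Combine(Allowed, relative));
        // Reject traversal out of the sandbox directory ("../../etc/passwd").
        if (!full.StartsWith(Allowed, StringComparison.Ordinal))
            throw new UnauthorizedAccessException("path outside sandbox: " + full);
        return File.ReadAllText(full);
    }
}

// A "script" compiled against the host. It never calls ScriptIO, so the
// policy above is simply not consulted.
static class EscapingScript
{
    // (1) P/Invoke straight into libc. No managed file class is involved,
    // so nothing the host did to System.IO matters on this path.
    [DllImport("libc", SetLastError = true)]
    static extern int open([MarshalAs(UnmanagedType.LPStr)] string path, int flags);

    [DllImport("libc", SetLastError = true)]
    static extern IntPtr read(int fd, byte[] buf, IntPtr count);

    [DllImport("libc")]
    static extern int close(int fd);

    public static string ReadViaLibc(string path)
    {
        int fd = open(path, 0 /* O_RDONLY on Linux */);
        if (fd < 0)
            throw new IOException("open() failed, errno " + Marshal.GetLastWin32Error());
        try
        {
            var buf = new byte[4096];
            var sb = new StringBuilder();
            long n;
            while ((n = read(fd, buf, (IntPtr)buf.Length).ToInt64()) > 0)
                sb.Append(Encoding.UTF8.GetString(buf, 0, (int)n));
            return sb.ToString();
        }
        finally
        {
            close(fd);
        }
    }

    // (2) Reflection. Even if the host removed every compile-time reference to
    // System.IO.File, the type is still in the core library and reachable by name.
    public static string ReadViaReflection(string path)
    {
        Type file = typeof(object).Assembly.GetType("System.IO.File", throwOnError: true);
        MethodInfo readAllText = file.GetMethod("ReadAllText", new[] { typeof(string) });
        return (string)readAllText.Invoke(null, new object[] { path });
    }
}

static class Demo
{
    static void Main()
    {
        // Constructed target that lives outside the sandbox directory.
        const string outside = "/etc/hostname";

        try
        {
            ScriptIO.ReadAllowed("../../etc/hostname");
            Console.WriteLine("wrapper: allowed (unexpected)");
        }
        catch (UnauthorizedAccessException e)
        {
            Console.WriteLine("wrapper: denied as intended: " + e.Message);
        }

        // Both of these succeed without ever touching ScriptIO.
        Console.WriteLine("libc:       " + EscapingScript.ReadViaLibc(outside).Trim());
        Console.WriteLine("reflection: " + EscapingScript.ReadViaReflection(outside).Trim());
    }
}
```

Compile with mcs (or csc) and run on a Linux box; the wrapper rejects the
traversal attempt while the other two calls return the file contents. The
DllImport and MethodInfo.Invoke in the script are exactly the operations a
pre-processing white-list of the compiled assembly would have to refuse, and the
ones CAS was designed to put behind permission demands, which is why a wrapper
around System.IO alone is incomplete.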