[Mono-list] Re: Question in Interop

Robert Jordan robertj at gmx.net
Mon Oct 10 18:46:31 EDT 2005


> Sebastian had replied to my earlier query for safety
> from unmanaged code by sandboxing it in a separate app
> domain.
> 
> I read the links :
> http://pages.infinit.net/ctech/20050520-0735.html
> 
> http://pages.infinit.net/ctech/20050623-0432.html
> 
> 
> Is the sandboxing based on providing code based and
> role based security of the modules ? ie. ensuring that
> the managed code trusts the Unamanged code?

Yes, but the robots don't have unmanaged code
access. They are limited to the so called
"Internet" permission set, which provides only basic
functionality (no file & net access, and, of course,
NO unmanaged code access).

It's called "Internet", because it is intended
to be applied to code that was downloaded from
the internet.

> If for instance we give the unmanaged code permit to
> execute and it (unmanaged code) maligns some raw
> address, this sandboxing might not be able to protect
> it ? i.e the faults will  not be sandboxed to the
> unmanaged app domain only.

No, the sandbox won't be able to protect against
unmanaged code doing bad things.

If you want some kind of protection, you may run the
unmanaged code in another managed process that
communicates with the main app using .NET remoting.
Anyway, this *won't* be safer. It might help
to "rescue" the main app, but what is that protection
good for, if the untrusted unmanged code in
the other process is just deleting your harddrive ;-)

Neither mono nor .NET are sandboxes for *unmanaged*
code.

Robert



More information about the Mono-list mailing list