[Mono-list] Mono VM security (like SecurityManager in java)

Sebastien Pouliot sebastien.pouliot at gmail.com
Wed Jun 18 22:45:04 EDT 2008 

On Wed, 2008-06-18 at 21:45 -0400, Jonathan Pryor wrote:
> On Wed, 2008-06-18 at 14:01 -0700, casperjeff wrote:
> > This may be a silly question...but I am looking for information on how to
> > secure a mono VM in a way not dissimilar to using a SecurityManager and
> > policy file in java.
> 
> There are two answers:
> 
> 1. The .NET equivalent to Security Manager is Code Access Security
> (CAS).  Google should provide a plethora of material about it.
> 
> 2. Last I heard, Mono's CAS support was fairly limited (lack of
> resources, requires a class library code review, etc.), so I don't know
> if Mono is mature enough for your purposes.  However...
> 
> 3. Silverlight introduces a New, Simpler security model than CAS, and
> Mono will need to implement this model for Silverlight 2.0 support.  I
> don't know when this will be complete either, but I imagine it will be
> available before CAS will be complete.  You might look into this as
> well.

That almost looked like three answers ;-)

Let me resume it into one: 
There is currently no way to execute untrusted code safely using (only)
Mono.


Now in more details...

* Mono Code Access Security (CAS) implementation is incomplete and
unsupported. You're welcome to play with it (see "man mono") and
contributions are welcome - but this is not an easy task (i.e. a few
people asked how, but none ever send any patches). *Nobody* is currently
working on it (or have been working for more than two years).

* The security model used by Silverlight (SL) 2.0, which Moonlight 2.0
must implement, is much easier (to understand and implement) that CAS.
Work on this has started (in the runtime) and will be completed for the
Moonlight 2.0 release (i.e. *people* are working on this).

* CAS and the SL model share some common stuff (like the verifier) so
implementing CAS after Moonlight 2.0 will be easier - *if* someone
decide to so ;-)

* There are some alternatives being used right now that involve custom
code (by embedding mono) to provide a "safety net". Someone could also
use AppArmor policies around a custom mono VM, or application, to
accomplish *some* of CAS goals. This works as long as you understand the
limitations around them (i.e. *you* are taking the responsibility to
filter untrusted code and feed mono only safe code).

Sebastien

More information about the Mono-list mailing list