[Mono-list] Mono VM security (like SecurityManager in java)
Chris Howie
cdhowie at gmail.com
Thu Jun 19 10:18:44 EDT 2008
On Wed, Jun 18, 2008 at 10:45 PM, Sebastien Pouliot
<sebastien.pouliot at gmail.com> wrote:
> * There are some alternatives being used right now that involve custom
> code (by embedding mono) to provide a "safety net". Someone could also
> use AppArmor policies around a custom mono VM, or application, to
> accomplish *some* of CAS goals. This works as long as you understand the
> limitations around them (i.e. *you* are taking the responsibility to
> filter untrusted code and feed mono only safe code).
Another alternative could be to use Cecil to rewrite calls into
certain methods with calls into a gateway function where you can do
the checking yourself. You would have to be careful about reflection
though, you don't want untrusted code bypassing your checks because
they are able to reflect on FileStream.
--
Chris Howie
http://www.chrishowie.com
http://en.wikipedia.org/wiki/User:Crazycomputers
More information about the Mono-list
mailing list