Hello, I have worked over the past months, as a side project, on implementing Mono unto the Source Engine, https://github.com/Nican/SharpMod .
One of the features of the project is being able for the server to run untrusted code on the client machine. From my understanding, Mono provides a sandboxed environment, http://www.mono-project.com/MonoSandbox, and while it seems to stop some possible malicious behavior, such as P/Invokes, it does not seem to stop the untrusted code from performing IO operations, such as reading a file on my desktop, and other potentially malicious operations. Moonlight and Unity seems to perform some kind of code auditing, ( https://github.com/Unity-Technologies/monobuildtools/tree/master/tuning, https://github.com/mono/moon/tree/master/class/tuning), but I can not understand how those tools are being used. Could anyone point me in the direction on how to better trust running untrusted code? Cheers, Nican.
_______________________________________________ Mono-devel-list mailing list Mono-devel-list@lists.ximian.com http://lists.ximian.com/mailman/listinfo/mono-devel-list
