Hello Stuart,

> Firstly, I really don't understand the .NET security architecture
> well enough to know how it's supposed to be tackled, and

I normally suggest the ".NET Framework Security" book from LaMacchia et al. but MSDN also has many articles on the subject.

You probably already know about it, but if not, you may be interested to look at gotdotnet's Terrarium.
http://www.windowsforms.net/default.aspx?tabIndex=6&tabId=42

> secondly, I don't know how much of the necessary stuff is
> implemented in Mono.

Sadly not enough.

> I've also heard that CAS isn't implemented (fully? at all?) in Mono

Some classes are present in the class library but the core isn't (runtime/JIT). Right now you should consider CAS as totally non-functional.

> The Mono roadmap paints a depressing picture of Mono's CAS capabilities
> - is that still true?

CAS isn't on the roadmap for Mono 1.0. My hope is to have something working (experimental, not secure) for the 1.2 release.

> And are there any workarounds?

Benjamin Wootton is working on some important parts of CAS for his university project.
http://www.benjaminwootton.co.uk/project/

Another possibility is an (automated) audit where you use reflection to ensure that no "illegal" operations (reflection, p/invokes, ...) are done before actually running the assembly. A simple implementation shouldn't be hard but would be far more limiting than what CAS can offer (at least if you want it secure).

Contributions welcomed ;-)

Sebastien Pouliot
http://pages.infinit.net/ctech/poupou.html

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Stuart Ballard
Sent: 20 April 2004 10:38
To: mono-list
Subject: [Mono-list] Implementing "sandbox" security using Mono

In NRobot, I have a pressing need for a security architecture: something that prevents robots from running with full privileges, since in the general case you can't trust the source of all the robots you might want to compete against.

Basically, I want to provide the same level of security that Applets have in Java - a "sandbox" in which they can run, without being able to do anything dangerous like access the filesystem or network (except, perhaps, in limited ways that I specify).

I have two problems when it comes to implementing this: Firstly, I really don't understand the .NET security architecture well enough to know how it's supposed to be tackled, and secondly, I don't know how much of the necessary stuff is implemented in Mono.

My understanding so far is that either Code Access Security (CAS) or AppDomains, or both, are what I need. But I don't understand either of them well enough to know how they help me.

I'm pretty sure I need AppDomains anyway because I want to be able to unload, or at least forget about, loaded robot DLLs in order to start a new game with an updated copy, without closing the host process. But I'm not sure whether AppDomains by themselves give me the sandbox security I'm after, or how I'm supposed to talk to the loaded DLLs across an AppDomain boundary.

I've also heard that CAS isn't implemented (fully? at all?) in Mono, and that currently Mono has problems with AppDomain unloading. But I don't know what the current state is, how badly they affect my needs, or how soon they are expected to be fully complete. The Mono roadmap paints a depressing picture of Mono's CAS capabilities - is that still true? And are there any workarounds?

Thanks for any advice you can give me,

Stuart.

-- 
Stuart Ballard, Senior Web Developer
NetReach, Inc.
(215) 283-2300, ext. 126
http://www.netreach.com/

_______________________________________________
Mono-list maillist - [EMAIL PROTECTED]
http://lists.ximian.com/mailman/listinfo/mono-list
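The reflection-based pre-load audit Sebastien suggests, sketched as an added example in C# (not code from the mail, from Mono or from NRobot). The list of forbidden namespaces is an assumed stand-in for NRobot's real policy, and the example relies on Assembly.ReflectionOnlyLoadFrom, which exists on Mono and .NET Framework 2.0 and later but not on .NET Core.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Reflection;

// Added example, not code from the mail or from NRobot: a metadata-level audit the host
// runs on a robot assembly before loading it for execution. A heuristic deny-list, far weaker than CAS.
static class RobotAudit
{
    // Namespaces a robot may not call into; a stand-in for NRobot's real policy (assumption).
    static readonly string[] ForbiddenNs = { "System.Reflection", "System.IO", "System.Net",
        "System.Runtime.InteropServices", "System.Diagnostics", "System.Threading" };

    // Returns every finding; an empty list means the assembly passed the audit.
    public static List<string> Audit(string path)
    {
        var findings = new List<string>();
        // Reflection-only load: metadata is readable but none of the robot's code can run
        // (Mono / .NET Framework 2.0+ API; not supported on .NET Core).
        AppDomain.CurrentDomain.ReflectionOnlyAssemblyResolve += (s, e) => Assembly.ReflectionOnlyLoad(e.Name);
        Assembly asm = Assembly.ReflectionOnlyLoadFrom(path);
        const BindingFlags All = BindingFlags.Public | BindingFlags.NonPublic | BindingFlags.Instance | BindingFlags.Static | BindingFlags.DeclaredOnly;
        foreach (Type t in asm.GetTypes())
            foreach (MethodBase m in t.GetMethods(All).Concat<MethodBase>(t.GetConstructors(All)))
            {
                // P/Invoke stubs are marked in metadata, so no IL inspection is needed to spot them.
                if ((m.Attributes & MethodAttributes.PinvokeImpl) != 0)
                    findings.Add(t.FullName + "." + m.Name + " is a P/Invoke");
                ScanCalls(m, findings);
            }
        return findings;
    }

    // Heuristic IL walk: resolve the operand of each call/callvirt/newobj and check the callee's namespace.
    // A real auditor must decode every opcode so operand bytes are never mistaken for opcodes; here a misread or unresolvable token is skipped.
    static void ScanCalls(MethodBase m, List<string> findings)
    {
        MethodBody body = m.GetMethodBody(); if (body == null) return;   // no IL for abstract or P/Invoke methods
        byte[] il = body.GetILAsByteArray();
        for (int i = 0; i + 4 < il.Length; i++)
        {
            if (il[i] != 0x28 && il[i] != 0x6F && il[i] != 0x73) continue;
            MethodBase target;
            try { target = m.Module.ResolveMethod(BitConverter.ToInt32(il, i + 1)); }
            catch (Exception) { continue; }
            string ns = target.DeclaringType?.Namespace ?? "";
            if (ForbiddenNs.Any(f => ns == f || ns.StartsWith(f + ".")))
                findings.Add(m.DeclaringType.FullName + "." + m.Name + " calls " + target.DeclaringType.FullName + "." + target.Name);
            i += 4;   // skip the 4-byte token operand
        }
    }
}
```

As Sebastien notes, a check like this is far more limiting than CAS: it can only refuse an assembly outright, and it does nothing against code that reaches the same facilities through a path the deny-list does not name.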
