Hello Matthias,

On Sun, 2006-05-07 at 17:47 +0200, Matthias Gutheil wrote:
> on one of the Mono pages I read that the security manager is not complete
> enough to run untrusted code. Is this still the case?

Yes, it's still true. For many reasons (e.g. auditing the whole class
library) this wasn't a goal of Mono 1.2, but the current security manager
is complete enough for interested people that want to play with it (e.g.
test applications, embedding Mono).

> So when I run
> C# code which I do not trust, I have a security problem?

Well, there's no simple answer to this simple question, so...

<answer format="short">
Yes, you have a security problem if you execute untrusted code. And this
is true for most existing languages/environments. Also note that having a
(working/complete) security manager doesn't mean you don't have a security
problem ;-)
</answer>

<answer format="long">
The fact that you have a security problem running untrusted code doesn't
mean the security manager will solve it.

Why? The security manager is there to enforce a security policy, which is
selected based on evidence. So depending on how you're executing the
untrusted code it is possible that the security manager won't do anything
to stop "bad things"(tm) from happening.

E.g. you download r3411yc0114pp.zip, decompress and execute it. Because
the application is executed locally, the evidence will point to the local
computer and the current user, both of them are trusted (by default). The
security policy will give this process "full trust" which means it can do
about anything (good or bad) with your computer.

Now to be (really) useful we need more than a (working) security manager,
we also need environments that use it. Sadly there are very few such
environments (generally) and even fewer for Mono. Some examples are:

- hosting web applets in a browser (e.g. Java applets, IE for .NET);
- managed stored proc in a database server (e.g. SQL Server, DB2);
- a game engine running scripts/bots (e.g. NRobots which works on Mono :)

The main point of those environments is to create some limits around what
can be done. E.g.
ever wondered, from an end-user point of view, why a screensaver could
delete all your files?

(Current) reality dictates that many kinds of applications cannot run
without having "full trust" (e.g. interoperability with existing unmanaged
code).

On a positive note that means that Mono, even without a security manager,
is useful and more secure than other technologies (e.g. buffer overflows
are "more difficult" using managed code).

On a negative note it means that running untrusted code is still a risky
business ;-)

p.s. it's a long, but still very incomplete, answer ;-)
</answer>

-- 
Sebastien Pouliot <[EMAIL PROTECTED]>
Blog: http://pages.infinit.net/ctech/
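
Added example (not part of the original message, and not Mono project code): a small C# program illustrating the point above that the granted permissions follow from the evidence, not from whether the code is trustworthy. It assumes the .NET Framework 1.x/2.0-era CAS API (Evidence, Zone, SecurityManager.ResolvePolicy), an enabled security manager and an unmodified default policy; the class name EvidenceDemo and the helper names are hypothetical.

```csharp
using System;
using System.Security;
using System.Security.Permissions;
using System.Security.Policy;

// Assumption: compiled against the 1.x/2.0 class library, where
// SecurityManager.ResolvePolicy is the supported way to ask
// "what would policy grant to code carrying this evidence?"
class EvidenceDemo
{
    // Build evidence that carries only a zone, as a host would for
    // code coming from that origin, and resolve it against policy.
    static PermissionSet Resolve(SecurityZone zone)
    {
        Evidence evidence = new Evidence();
        evidence.AddHost(new Zone(zone));
        return SecurityManager.ResolvePolicy(evidence);
    }

    // True when the grant set allows unrestricted file access,
    // i.e. the "screensaver could delete all your files" case.
    static bool CanTouchAnyFile(PermissionSet granted)
    {
        PermissionSet wanted = new PermissionSet(PermissionState.None);
        wanted.AddPermission(new FileIOPermission(PermissionState.Unrestricted));
        return wanted.IsSubsetOf(granted);
    }

    static void Main()
    {
        Console.WriteLine("Security manager enabled: {0}",
            SecurityManager.SecurityEnabled);

        // Same (hypothetical) untrusted program, three different origins.
        SecurityZone[] zones = {
            SecurityZone.MyComputer,   // unzipped and started locally
            SecurityZone.Intranet,
            SecurityZone.Internet      // loaded by a host that supplies the origin
        };

        foreach (SecurityZone zone in zones)
        {
            PermissionSet granted = Resolve(zone);
            Console.WriteLine("{0,-12} full trust: {1,-5}  unrestricted file I/O: {2}",
                zone, granted.IsUnrestricted(), CanTouchAnyFile(granted));
        }
    }
}
```

Only a host that supplies restrictive evidence (the browser, database or game-engine cases listed in the message) gets a restricted grant set for the code it loads; code started directly from the local disk is evaluated with local-machine evidence.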
