Bonjour Matthias, On Mon, 2006-05-08 at 10:37 +0200, Matthias Gutheil wrote: > Salut Sebastien, > > many thanks for your detailed answer. > Can I ask you another question?
Sure. I'm c.c.ing the mono-list as the answers can be useful to other people as well... > Can I call mono from Java to compile/run C# code? (It's been a while since I did any Java but) I'm 100% confident that Java can call an external compiler and execute it's output. > We need to compile/run C# code on Linux which we don't trust. Sadly that won't help. It's just like having the MS runtime (with a complete security manager) calling a C compiler and executing the output (or even a Java compiler and a Java application). In your case the Java security manager cannot extend itself to resources it doesn't know (C# compiler and the compiled application). Any application that can call external resources (e.g. p/invoking unmanaged libraries, calling external programs...) must be a (not necessarily fully) trusted application. So neither Java, nor .NET, can enforce their security policies to _external_ process. However there are products, like Novell's AppArmor (now open sourced), that can provide something very similar. http://www.novell.com/products/apparmor/ Regards, Sebastien > Nice greetings from Mannheim > > > erstmal vorne anfangen: > - wie kompiliert man mit mono? > - kann man das programmatisch (aus Java raus) machen? > - wie führt man mit mono etwas aus? > - kann man das programmatisch (aus Java raus) machen? > > > --- Ursprüngliche Nachricht --- > > Von: Sebastien Pouliot <[EMAIL PROTECTED]> > > An: Matthias Gutheil <[EMAIL PROTECTED]> > > Kopie: [email protected] > > Betreff: Re: [Mono-list] Security > > Datum: Sun, 07 May 2006 20:53:15 -0400 > > > > Hello Matthias, > > > > On Sun, 2006-05-07 at 17:47 +0200, Matthias Gutheil wrote: > > > on one of the Mono pages I read that the security manager is not > > complete > > > enough to run not trusted code. Is this still the case? > > > > Yes, it's still true. For many reasons (e.g. auditing the whole class > > library) this wasn't a goal of Mono 1.2, but the current security > > manager is complete enough for interested people that want to play with > > it (e.g. test applications, embedding Mono). > > > > > So when I will run > > > C# code which I not trust, I have a security problem? > > > > Well, there's no simple answer to this simple question, so... > > > > <answer format="short"> > > Yes, you have a security problem if you execute untrusted code. > > > > And this is true for most existing languages/environments. Also note > > that having a (working/complete) security manager doesn't mean you don't > > have a security problem ;-) > > </answer> > > > > <answer format="long"> > > The fact that you have a security problem running untrusted code doesn't > > mean the security manager will solve it. Why ? the security manager is > > there to enforce a security policy, which is selected based on > > evidences. > > > > So depending on how you're executing the untrusted code it is possible > > that the security manager won't do anything to stop "bad things"(tm) > > >from happening. > > > > E.g. you download r3411yc0114pp.zip, decompress and execute it. Because > > the application is executed locally, the evidence will point to the > > local computer and the current user, both of them are trusted (by > > default). The security policy will give this process "full trust" which > > means it can do about anything (good or bad) with your computer. > > > > Now to be (really) useful we need more than a (working) security > > manager, we also need environments that use it. Sadly there are very few > > such environment (generally) and even less for Mono. Some examples are: > > - hosting web applets in a browser (e.g. Java applets, IE for .NET); > > - managed stored proc in a database server (e.g. SQL Server, DB2); > > - a game engine running scripts/bots (e.g. NRobots which works on > > Mono :) > > > > The main point of those environment is to create some limits around what > > can be done. E.g. ever wondered, from an end-user point of view, why a > > screensaver could delete all your files ? > > > > (Current) reality dictates that many kind of applications cannot run > > without having "full trust" (e.g. interoperability with existing > > unmanaged code). On a positive note that means that Mono, even without a > > security manager, is useful and more secure than other technologies > > (e.g. buffer overflows are "more difficult" using managed code). On a > > negative note it means that running untrusted code is still a risky > > business ;-) > > > > p.s. it's a long, but still very incomplete, answer ;-) > > </answer> > > -- > > Sebastien Pouliot <[EMAIL PROTECTED]> > > Blog: http://pages.infinit.net/ctech/ > > > -- Sebastien Pouliot <[EMAIL PROTECTED]> Blog: http://pages.infinit.net/ctech/ _______________________________________________ Mono-list maillist - [email protected] http://lists.ximian.com/mailman/listinfo/mono-list
