Jump to navigation

Poupou's Corner of the Web

Looking for perfect security? Try a wireless brick.
Otherwise you may find some unperfect stuff here...


New security features in Mono 1.1.4

Rejoy! Mono 1.1.4 is out and full of new goodies :-)


The most interesting feature, at least from my point of view ;-), is that Code Access Security (CAS) can now be used with Mono. This is the first version were end-users can see visible progress since CAS first steps last summer.

Mono 1.1.4 supports a new --security switch to enable the security manager - which is responsable (among other things) for CAS. The security manager allows stack walks, and other security actions, to occurs when permissions are demanded either by the user or the runtime itself. This is still a work in progress and very few permissions are present at this time in the class library but the core is there! More details about what you can (and can't) do with CAS next week...

In the mean time, and if you want to learn more about CAS in general, I suggest you read the recent article "An Introduction to Code Access Security" from Keith Brown on MSDN.

New and updated tools

The certmgr tool has been updated to download certificates, including up-to the root certificate if desired.

certmgr.exe -ssl https://www.verisign.com

This can be done from any SSL session (as long as you supply the port number for non-Fx protocol), e.g.

certmgr -ssl ldaps://www.nldap.com:636

There are a few possible problems (like old root certificates using MD2 in their signature) so be sure to read the man page if it doesn't work.

Other recent security tool additions are caspol.exe to edit Code Access Security policies for Mono (not well tested at this stage) and permview.exe to display the declarative security attributes inside an assembly. The current permview.exe is rather limited but a future Cecil-based version will do a lot of cool stuff.

2/18/2005 16:25:22 | Comments

The views expressed on this website/weblog are mine alone and do not necessarily reflect the views of my employer.