
Poupou's Corner of the Web

Looking for perfect security? Try a wireless brick.
Otherwise you may find some unperfect stuff here...

Weblog

Updates...

CAS

Mono 1.1.8 has been released this week. Just like the 1.1.4 release, this one includes some important new CAS features, like:

  • AppDomain based sandboxes;
  • Stack propagation for async code, threads and SWF; and
  • some default policies (like Internet...).

NRobot

The new CAS features allow Mono to execute NRobot in a sandbox. Both the GTK# version and the System.Windows.Forms version can be played in the sandbox by making a single change in the NRobot/Engine/GameArena.cs source file (changing an imperative Assert to a declarative Assert). Future versions of NRobot shouldn't require this change. Once done, you can start the client like this:

~/cvs/nrobot> mono --security bin/NRobotGTK.exe Bots/Mono

You can substitute bin/NRobotGTK.exe with bin/NRobotWin.exe to try the prettier but slower (probably both because of Cairo) SWF client.

Now we'll need a BadBot to test the sandbox. The easiest way is to modify an existing bot, so I modified the aggressive Follower.cs bot to read the current username, i.e. Environment.UserName, after more than 256 times. Executing the client with this BadBot will result in the bot's suicide while the game continues with the remaining bots.

Quite cool :-) but remember that most of the class libraries don't have their permissions and that even the parts that have them haven't been audited.
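
The following is an added illustration, not NRobot source and not code from the original post. It shows the two Assert forms mentioned above and a host that survives a bot's failed permission demand. Arena, BadBot and Game are hypothetical names, PermitOnly stands in for the sandbox grant, and the runtime is assumed to enforce CAS (Mono started with --security as above, or the .NET Framework).

```csharp
using System;
using System.Security;
using System.Security.Permissions;

// Hypothetical host API (not NRobot's GameArena): privileged work done on a bot's behalf.
class Arena {
    // Imperative Assert: the permission is built and asserted by code at run time.
    public static string PathImperative() {
        new EnvironmentPermission(EnvironmentPermissionAccess.Read, "PATH").Assert();
        try { return Environment.GetEnvironmentVariable("PATH"); }
        finally { CodeAccessPermission.RevertAssert(); }
    }

    // Declarative Assert: the same assertion carried as an attribute in metadata.
    [EnvironmentPermission(SecurityAction.Assert, Read = "PATH")]
    public static string PathDeclarative() {
        return Environment.GetEnvironmentVariable("PATH");
    }
}

// Hypothetical bot: behaves for 256 turns, then reads the user name directly.
class BadBot {
    int turns;
    public string Loot;
    public void Turn() {
        Arena.PathDeclarative();           // allowed: the host's Assert stops the stack walk
        if (++turns > 256)
            Loot = Environment.UserName;   // denied: the demand reaches the PermitOnly frame
    }
}

class Game {
    // Runs one turn with only Execution permitted; false means the bot is out.
    public static bool RunTurn(BadBot bot) {
        PermissionSet sandbox = new PermissionSet(PermissionState.None);
        sandbox.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));
        sandbox.PermitOnly();              // stand-in for the sandbox grant
        try { bot.Turn(); return true; }
        catch (SecurityException) { return false; }
        finally { CodeAccessPermission.RevertPermitOnly(); }
    }

    static void Main() {
        BadBot bot = new BadBot();
        for (int turn = 1; turn <= 300; turn++)
            if (!RunTurn(bot)) { Console.WriteLine("bot removed at turn " + turn); break; }
    }
}
```

Because an Assert ends the stack walk at the host's frame, any method that carries one should be audited so that it exposes only what sandboxed callers are meant to reach.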

Integer overflows

I do read a lot but I didn't know integer overflows added a six week delay to Windows XP SP2. Not that it means much without knowing how many people were fixing them, but still interesting knowing the resources available.

Hash collisions

MD5 hash collisions made on certificates and for some "meaningful" documents. As they say: Security attacks only get better, never worse.


6/17/2005 15:38:37

The views expressed on this website/weblog are mine alone and do not necessarily reflect the views of my employer.