Jump to navigation

Poupou's Corner of the Web

Looking for perfect security? Try a wireless brick.
Otherwise you may find some unperfect stuff here...

Weblog

CAS - where we stand

Mono's security manager, the core of Code Access Security (CAS), has been available for testing purpose since version 1.1.4 and was gradually upgraded ever since (with each release I update the bug #52606 and the CAS wiki page).

Today, actually this has been true for quite a while, we are able to run all of corlib's unit tests without any failure, including an additional 301 CAS specifc tests (i.e. that aren't normally executed). We can also execute all System.Drawing.dll unit tests without requiring, or even demanding, UnmanagedCode permissions. We also have a great coverage (including 2450 CAS specific tests) for System.Web.dll with perfect results (except for a small mcs bug on partial classes) and a few more tests (18) for System.Xml.dll.

So what are we lacking exactly ?

Very few features, at least for the 1.x (default) profile. Most missing features, like verification, aren't really in the security manager themselves but they are still very important features (up to the point of making CAS useless). So most of them do not block testing the security manager (you'll need a better excuse here ;-) but they do block it's use for day to day production.

Applications that use, or better require, CAS. So far the only real, open-source and CAS-aware application has been NRobot. It's great one but it doesn't cover the full spectrum of what CAS can accomplish. An easy thing anyone can do is to use the security manager (still at FullTrust), e.g. mono --security app.exe, from time to time and report any problem on bugzilla.

Feedback! I had few questions about CAS and most of them were very general (i.e. they didn't give me much clue on how people wants to use it). I'm particuliary interested in custom policies people/enterprise are using and any uncommon configuration they use .NET applications (assuming this affects security). Of course more feedback will be greatly welcome ;).

Permissions in the class libraries. Great progress has been made recently but it's still far from complete. A lot more tests and reviewing needs to be done - more on this later...

Support for Fx 2.0 as it introduce new features, additions and changes in the class libraries - althought this isn't, globally, a very high priority some features are easier to add right now than later (mostly for test related reasons).

I'm actually updating my CAS planning, which will be part of another entry, but feel free to contact me or the mono-dev mailing list with your feedback and/or suggestions. Thanks :-)


10/5/2005 15:14:00 | Comments

The views expressed on this website/weblog are mine alone and do not necessarily reflect the views of my employer.