CAS - where we stand
Mono's security manager, the core of Code Access Security (CAS), has been available for testing purpose since version 1.1.4 and was gradually upgraded ever since (with each release I update the bug #52606 and the CAS wiki page).
Today, actually this has been true for quite a while,
we are able to run all of corlib's unit tests without any failure, including an
additional 301 CAS specifc tests (i.e. that aren't normally executed).
We can also execute all
System.Drawing.dll unit tests
or even demanding, UnmanagedCode permissions. We also have a great coverage (including
2450 CAS specific tests) for
System.Web.dll with perfect results (except for a small
mcs bug on partial classes)
and a few more tests (18) for
So what are we lacking exactly ?
Very few features, at least for the 1.x (default) profile. Most missing features, like verification, aren't really in the security manager themselves but they are still very important features (up to the point of making CAS useless). So most of them do not block testing the security manager (you'll need a better excuse here ;-) but they do block it's use for day to day production.
Applications that use, or better require, CAS. So far the only real, open-source
and CAS-aware application has been
It's great one but it doesn't cover the full spectrum of what CAS can accomplish. An easy thing
anyone can do is to use the security manager (still at
mono --security app.exe, from time to time and report any problem on bugzilla.
Feedback! I had few questions about CAS and most of them were very general (i.e. they didn't give me much clue on how people wants to use it). I'm particuliary interested in custom policies people/enterprise are using and any uncommon configuration they use .NET applications (assuming this affects security). Of course more feedback will be greatly welcome ;).
Permissions in the class libraries. Great progress has been made recently but it's still far from complete. A lot more tests and reviewing needs to be done - more on this later...
Support for Fx 2.0 as it introduce new features, additions and changes in the class libraries - althought this isn't, globally, a very high priority some features are easier to add right now than later (mostly for test related reasons).
I'm actually updating my CAS planning, which will be part of another entry, but feel free to contact me or the mono-dev mailing list with your feedback and/or suggestions. Thanks :-)
10/5/2005 15:14:00 | Comments
The views expressed on this website/weblog are mine alone and do not necessarily reflect the views of my employer.