[Mono-dev] Running untrusted code
nican132 at gmail.com
Wed Jan 22 04:01:53 UTC 2014
I have worked over the past months, as a side project, on implementing Mono
unto the Source Engine, https://github.com/Nican/SharpMod .
One of the features of the project is being able for the server to run
untrusted code on the client machine. From my understanding, Mono provides
a sandboxed environment, http://www.mono-project.com/MonoSandbox, and while
it seems to stop some possible malicious behavior, such as P/Invokes, it
does not seem to stop the untrusted code from performing IO operations,
such as reading a file on my desktop, and other potentially malicious
Moonlight and Unity seems to perform some kind of code auditing, (
https://github.com/mono/moon/tree/master/class/tuning), but I can not
understand how those tools are being used.
Could anyone point me in the direction on how to better trust running
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Mono-devel-list