dotgnu-general
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [DotGNU]Running mono-compiled/non-verifiable apps

From: Paolo Molaro
Subject: Re: [DotGNU]Running mono-compiled/non-verifiable apps
Date: Tue, 25 Feb 2003 17:09:38 +0100
User-agent: Mutt/1.5.3i 
On 02/25/03 Fergus Henderson wrote:
> > Not really.  The verifier in Portable.NET is intricately tied into the CVM 
> > translation system.  Type checking must be done so that the translator 
> > knows 
> > what kind of CVM bytecodes to emit.  Turning off the verifier would 
> > basically 
> > turn off the interpreter also.
> 
> If so, this behaviour is wrong.  The .NET ECMA spec defines two notions,
> "verifiable" and "valid", and allows the execution of "unverifiable" code,
> provided that it is "valid".  Of course it is usually not safe to run
> untrusted code unless it has been verified.  But it should be possible
> to execute code which is unverifiable but trusted.

To add to what Fergus said, there is still another issue:
not all the checks detailed in the ECMA spec actually matter to
check for verifiable code and the MS runtime doesn't perform those
checks even if the file comes from the network and is untrusted
(though PEVerify does them, even if not all).
One of them is exactly what marcus is complaining about:
[MD]: Error: TypeRef has a duplicate, token=0x0100008e.  [token:0x01000003]
[MD]: Error: TypeRef has a duplicate, token=0x01000003.  [token:0x0100008E]

There is no security issue if the same type is referenced by two
different typeref tokens, so there is no need to perform this check
when running the code.

lupus

-- 
-----------------------------------------------------------------
address@hidden                                     debian/rules
address@hidden                             Monkeys do it better
reply via email to
[Prev in Thread] Current Thread [Next in Thread]