Pilon Mntry wrote:
[snip]
What about
using the
facilities already provided by the OS to enforce the
sandbox?
But then will it be possible to prevent buffer
overflows, still running on unmanaged code?
There are Pax patches for Linux kernel, *BSD has their own flavour (the
name slips my memory) and I believe since service pack 2 XP had some
form of SSP. (Which I've only heard about and not seen nor used.)
If you have managed code concerns the Mono [1] project is certainly a
work in progress, but over the next year I'd like to help overcome any
obvious oversights in security. Novell has some bright developers
dedicated to security alone and that might be something to look at. Ask
or give suggestions on the Mono users-list as it's always appreciated.
Cheers,
C.
[1] www.mono-project.com
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/