[Opensim-dev] Looking for people with CLI/MSIL experience!

Imaze Rhiano imaze.rhiano at gmail.com
Mon Jul 20 15:42:36 UTC 2009 

No. It is for metadata integrity testing done when assembly is loaded.

Currently Mono runtime assumes that metadata is not hostile and compiler 
produces correct metadata. However, when hackers will start using MSIL 
or similar tool and skip compiler's metadata generation - they can 
generate all kind nice surprises to metadata. For example some 
non-abstract class is inheriting interface, but doesn't implement all 
methods. Runtime is then happily running this assembly - until one of 
interface methods that is not implement is called - then there  BIG 
BADABOOOOM, engineers will start running around server room, bosses will 
take extra vodka martins and CEO is lying to customers like nothing 
happened!

Metadata verifier is designed to avoid situations like this. When 
assembler is loaded it will check metadata's integrity. For example if 
it finds out that some interface methods are not implemented, it will 
throw TypeLoadException and prevents running faulty assembly.

CAS is then totally different beast - I think....

Frisby, Adam kirjoitti:
> Is this a project to implement CAS?
>
> Adam
>
>   
>> -----Original Message-----
>> From: opensim-dev-bounces at lists.berlios.de [mailto:opensim-dev-
>> bounces at lists.berlios.de] On Behalf Of Imaze Rhiano
>> Sent: Monday, 20 July 2009 12:48 AM
>> To: opensim-dev at lists.berlios.de
>> Subject: [Opensim-dev] Looking for people with CLI/MSIL experience!
>>
>> Hi!
>>
>> Sorry, this is bit off topic, because this message doesn't just concern
>> Open SIM development, it hopefully have also impact to Mono Project and
>> SL.
>>
>> We are looking for people with CLI/MSIL experience - or people who are
>> motivated and quick learners - to join the project which goal is to
>> write test suite for Mono project's metadata verifier. Also persons
>> with
>> less programming experience would be most helpful to join the project -
>> there are lot's of things to do that don't require any programming
>> skills!
>>
>> Metadata verifier is critical component of Mono's sandbox
>> (http://mono-project.com/MonoSandbox).When sandbox is completed it
>> should allow "execute arbitrary untrusted code and ensure that the
>> untrusted code does not compromise the security of the system". It
>> enables  to run safely scripts that are written by C#, VB.NET or other
>> CLI compatible language in SL or Open SIM servers. For Mono, sandbox is
>> one big requirement under their Moonlight project (Open source version
>> of M$ Silverlight) (http://mono-project.com/MoonlightNotes).
>>
>> Currently we are doing very boring task called "reading specifications"
>> - and same time we are collecting rules that are related to metadata
>> verifier to very-big-ebil-list that we can use to generate test cases.
>> When this is done, we hopefully can start writing test cases for
>> metadata verifier. There is already working Mono metadata verifier that
>> can analyze lower level logical format of metadata, but mostly due to
>> lack of tests development has stopped to those tracks. Writing of test
>> cases needs some lower level understanding of the runtime environment -
>> that is where CLI/MSIL experience comes very handy.
>>
>> To get more information about project:
>> - VISIT in our Wiki:
>> http://www.xugumadison.org/csharp-sl/index.php?title=Main_Page
>> (includes
>> meeting minutes, project plan, etc)
>> - CONTACT to me in SL (Imaze Rhiano) or send mail for me
>> - JOIN our SL group "C# Scripters".
>> - JOIN to our next meeting: 10:00 SLT (PDT)/ 17:00 GMT (NO DST!) /
>> 19:00
>> CET- 21th July 2009 - IRC #monodev - http://mono-project.com/IRC
>>
>> If you want know about more Metadata verifier
>> - READ http://mono-project.com/MonoSandbox
>> - CHECK out mono's source code
>> - TALK with Kumpera in #monodev channel - http://mono-project.com/IRC
>>
>> If you are not familiar with CLI/MSIL then you here are some good
>> sources to start with:
>> - Kenny Kerr: Introduction to MSIL
>> (http://weblogs.asp.net/kennykerr/archive/2004/09/07/introduction-to-
>> msil-part-1-hello-world.aspx)
>> - Standard ECMA-335 Common Language Infrastructure (CLI)
>> (http://www.ecma-international.org/publications/standards/Ecma-335.htm)
>> - NET Common Language Runtime Unleashed (book preview)
>> (http://books.google.fi/books?id=3059QRxPNQcC&printsec=frontcover&dq=.n
>> et+common+language+runtime&ei=vhxjSvbBKqK2yATsxIDaDw)
>>
>> Thank you!
>>
>>
>> (Also sorry about my baaaad engrish :P)
>>
>> _______________________________________________
>> Opensim-dev mailing list
>> Opensim-dev at lists.berlios.de
>> https://lists.berlios.de/mailman/listinfo/opensim-dev
>>     
> _______________________________________________
> Opensim-dev mailing list
> Opensim-dev at lists.berlios.de
> https://lists.berlios.de/mailman/listinfo/opensim-dev
>
>

More information about the Opensim-dev mailing list