2009-12-03 Jeffrey Stedfast <fejj@novell.com>
1 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: t; c-basic-offset: 8 -*- */
2 /*
3 * security.c:
5 * Contact:
6 * Moonlight List (moonlight-list@lists.ximian.com)
8 * Copyright 2009 Novell, Inc. (http://www.novell.com)
10 * See the LICENSE file included with the distribution for details.
13 #include "config.h"
14 #include "security.h"
15 #include <mono/metadata/appdomain.h>
16 #include <mono/metadata/assembly.h>
18 #if MONO_ENABLE_CORECLR_SECURITY
/*
 * Reference identity of the platform directory, filled in by
 * security_enable_coreclr (). determine_platform_image () compares the
 * st_mode, st_ino and st_dev recorded here against the directory of each
 * image it is asked about. All-zero until a stat () call has succeeded.
 */
static struct stat platform_stat = { 0 };

/*
 * Reference identity of the accessibility extension's "components"
 * directory, filled in by a11y_stat_init (). It is consulted only for
 * MoonAtkBridge.dll. All-zero when that directory was not found.
 */
static struct stat platform_a11y_stat = { 0 };
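/*
 * a11y_stat_init:
 * @platform_dir: path of the platform directory; only read, never modified
 *
 * Derives the accessibility extension's "components" directory from
 * @platform_dir by replacing everything from the last occurrence of
 * "moonlight@novell.com" onwards with "moonlight-a11y@novell.com/components",
 * then records that directory's stat data in platform_a11y_stat.
 *
 * determine_platform_image () grants platform trust to MoonAtkBridge.dll
 * only when its directory matches this record, so the record is reset to
 * all zeros on every call and stays zeroed whenever the directory cannot
 * be derived or examined. A value left over from an earlier call, or a
 * buffer touched by a failed stat (), must never serve as the reference.
 */
void
a11y_stat_init (char *platform_dir)
{
	/* please keep this lookup pattern in sync with the one in A11yHelper.cs (Initialize() method) */
	const char *moonlight_at_novell;
	gchar *before;
	gchar *platform_a11y_dir;

	memset (&platform_a11y_stat, 0, sizeof (platform_a11y_stat));

	if (platform_dir == NULL)
		return;

	moonlight_at_novell = g_strrstr (platform_dir, "moonlight@novell.com");
	if (moonlight_at_novell == NULL)
		return;

	/* keep the part of the path that precedes the extension id */
	before = g_strndup (platform_dir, (gsize) (moonlight_at_novell - platform_dir));
	platform_a11y_dir = g_strconcat (before, "moonlight-a11y@novell.com/components", NULL);

	/* on failure the buffer contents are not to be trusted: zero them again */
	if (stat (platform_a11y_dir, &platform_a11y_stat) != 0)
		memset (&platform_a11y_stat, 0, sizeof (platform_a11y_stat));

	g_free (platform_a11y_dir);
	g_free (before);
}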
/*
 * Allow-list of assembly file names that are treated as platform code.
 * determine_platform_image () matches names against it case-insensitively,
 * and only after the image's directory has been identified as the platform
 * directory. Every entry added here widens the set of fully trusted code.
 */
static const char *platform_code_assemblies [] = {
	"mscorlib.dll",
	"System.dll",
	"System.Core.dll",
	"System.Net.dll",
	"System.Runtime.Serialization.dll",
	"System.ServiceModel.dll",
	"System.ServiceModel.Web.dll",
	"System.Windows.dll",
	"System.Windows.Browser.dll",
	/*
	 * The next two assemblies currently contain neither [SecurityCritical]
	 * nor [SecuritySafeCritical] code, so at runtime they are handled like
	 * "application code" to keep the attack surface small:
	 *   "System.Xml.dll",
	 *   "Microsoft.VisualBasic.dll",
	 */
#if DEBUG
	/* NOTE(review): trusted in DEBUG builds only; confirm DEBUG is never set for shipped builds */
	"jtr.dll",
#endif
};
/*
 * determine_platform_image:
 * @image_name: path of the assembly image being classified (may be NULL)
 *
 * Callback registered with mono_security_set_core_clr_platform_callback ().
 * Returns TRUE when the image counts as platform (fully trusted) code and
 * FALSE otherwise, including on every error path.
 *
 * An image qualifies when both of the following hold:
 *  - its directory has the same st_mode, st_ino and st_dev as the recorded
 *    reference directory: platform_stat, or platform_a11y_stat when the
 *    file is named MoonAtkBridge.dll;
 *  - it is MoonAtkBridge.dll, or its name is listed (case-insensitively)
 *    in platform_code_assemblies.
 *
 * NOTE(review): a reference record that is still all zeros is presumably
 * never matched, because a successful stat () reports file-type bits in
 * st_mode; the code has no explicit check for that case. Confirm.
 * NOTE(review): the decision trusts the directory, not the file contents,
 * so it presumably relies on the platform directories not being writable
 * by the code being sandboxed. Confirm against the install layout.
 */
static gboolean
determine_platform_image (const char *image_name)
{
	const struct stat *reference = &platform_stat;
	struct stat dir_info;
	gchar *dir_path = NULL;
	gchar *base_name = NULL;
	gboolean is_a11y_bridge;
	gboolean trusted = FALSE;
	guint idx;

	if (image_name == NULL)
		return FALSE;

	/* all platform code resides in the same directory */
	dir_path = g_path_get_dirname (image_name);
	if (dir_path == NULL || stat (dir_path, &dir_info) != 0)
		goto done;

	base_name = g_path_get_basename (image_name);
	if (base_name == NULL)
		goto done;

	/* the accessibility bridge lives in its own directory */
	is_a11y_bridge = (g_ascii_strcasecmp (base_name, "MoonAtkBridge.dll") == 0);
	if (is_a11y_bridge)
		reference = &platform_a11y_stat;

	/*
	 * Compare directory identity instead of path strings, so that e.g.
	 * /opt/mono/lib/moon and /opt/mono//lib/moon are treated alike.
	 */
	if (reference->st_mode != dir_info.st_mode ||
	    reference->st_ino != dir_info.st_ino ||
	    reference->st_dev != dir_info.st_dev)
		goto done;

	if (is_a11y_bridge) {
		trusted = TRUE;
		goto done;
	}

	/* the names of all platform assemblies are known, because we ship them */
	for (idx = 0; idx < G_N_ELEMENTS (platform_code_assemblies); idx++) {
		if (g_ascii_strcasecmp (base_name, platform_code_assemblies [idx]) == 0) {
			trusted = TRUE;
			break;
		}
	}

done:
	/* g_free () accepts NULL, so a single cleanup path serves every exit */
	g_free (base_name);
	g_free (dir_path);
	return trusted;
}
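/*
 * Name of the environment variable that switches the CoreCLR sandbox off.
 * It embeds PREVIEW_VERSION, so the override is specific to one release.
 */
#define DISABLE_SECURITY	"MOON_DISABLE_SECURITY_PREVIEW_" PREVIEW_VERSION

/*
 * security_enable_coreclr:
 * @platform_dir: directory that holds the platform assemblies
 *
 * Enables the CoreCLR security model and registers
 * determine_platform_image () as the platform-code callback, then sets
 * @platform_dir as the mono assembly root directory.
 *
 * The sandbox is left DISABLED, with a warning, when:
 *  - the DISABLE_SECURITY environment variable is set (any value);
 *  - @platform_dir is not an absolute path;
 *  - @platform_dir cannot be examined with stat ().
 *
 * Every one of these paths fails open: execution continues without code
 * or metadata verification. The warnings are the only trace of that, so
 * they are worth surfacing wherever the process output is collected.
 */
void
security_enable_coreclr (const char *platform_dir)
{
	if (g_getenv (DISABLE_SECURITY) != NULL) {
		g_warning ("CORECLR was DISABLED using %s override", DISABLE_SECURITY);
		g_warning ("this disables both code verification and metadata verification on code\n"
			   "downloaded from untrusted sources, and therefore opens up your machine\n"
			   "to a wide variety of attack vectors. Don't do this unless you know what\n"
			   "you're doing!");
	} else if (g_path_is_absolute (platform_dir)) {
		memset (&platform_stat, 0, sizeof (platform_stat));

		if (stat (platform_dir, &platform_stat) == 0) {
			/* a11y_stat_init () only reads the path; the cast drops const for its prototype */
			a11y_stat_init ((char *) platform_dir);

			mono_security_enable_core_clr ();
			mono_security_set_core_clr_platform_callback (determine_platform_image);
		} else {
			/* never leave a half-filled reference behind, and never skip the sandbox silently */
			memset (&platform_stat, 0, sizeof (platform_stat));
			g_warning ("CORECLR was DISABLED because the platform directory could not be examined");
		}
	} else {
		g_warning ("CORECLR was DISABLED due to invalid, non-absolute, platform directory");
	}

	mono_assembly_setrootdir (platform_dir);
}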
148 #else
/*
 * security_enable_coreclr:
 * @platform_dir: unused in this configuration
 *
 * Variant compiled when MONO_ENABLE_CORECLR_SECURITY is not set. It does
 * nothing, so a build of this kind runs without the CoreCLR sandbox and
 * without printing any notice about it.
 */
void
security_enable_coreclr (const char *platform_dir)
{
	(void) platform_dir;
}
155 #endif