
I'm implementing an application which will load and execute 3rd party code.

While .NET Sandboxing is fine, I can't find a way to prevent code from starting new threads.

This is a problem because AFAIK we can't enumerate and abort them safely to unload the sandbox AppDomain - we have to exit the whole process.

How could I ban Thread.Start, or (better) whitelist/blacklist specific CLR APIs?

wizzard0

1 Answer

You would need to create a scripting environment rather than run compiled code. In this environment you could parse out unsupported/unwanted keywords.

http://msdn.microsoft.com/en-us/library/ms974577.aspx

http://osherove.com/blog/2004/2/17/make-your-net-application-support-scripting-a-practical-appr.html

http://www.codeproject.com/KB/library/Dotnet_Scriptor.aspx

There might be some way of limiting permissions of code running within an AppDomain, is this what you are talking about with Sandboxing?

Good example of use of AppDomain

You could potentially force unloading of an AppDomain if "bad stuff" was occurring with CPU and memory.

More recently, in .NET 4, I have noticed but not investigated HostProtection permissions ...

System.Security.Permissions.HostProtectionAttribute

=== EDIT ===

It looks like CLR Hosting with Security Permission being set would be the way to go. Links...

What is CLR hosting?

http://msdn.microsoft.com/en-us/library/hbzz1a9a(v=vs.90).aspx

http://msdn.microsoft.com/en-us/library/h846e9b3(v=vs.90).aspx

http://msdn.microsoft.com/en-us/library/system.security.permissions.securitypermission(v=vs.90).aspx

JTew

  • This will incur a heavy performance hit. I am making a distributed computing environment, and speed is important too, 2x penalty (C# vs C++) is okay, while 10-20x (DLR-based and/or interpreted languages) is not. I'd rather use V8 JS engine then, it's faster than DLR.... – wizzard0 Apr 01 '11 at 03:38
  • makes sense ... what about applying host protection attribute to the sections of code that you are looking at calling 3rd party dlls, i.e. self-affecting threading and external threading? – JTew Apr 01 '11 at 03:42
  • I am now looking into unmanaged .NET hosting APIs, like these - http://stackoverflow.com/questions/3269290/is-it-possible-to-host-the-net-dlr-in-an-idiot-proof-sandbox , and manually checking DLLs, like Terrarium does (see http://terrarium2.codeplex.com/SourceControl/changeset/view/53207#231746 ), an ugly hack but seems like it would do the trick – wizzard0 Apr 01 '11 at 03:44
  • that required me to look into unmanaged hosts, that's not ideal, but works. – wizzard0 Apr 01 '11 at 08:40
  • This may be worth revisiting with the advent of Roslyn. – JTew Oct 07 '14 at 00:49
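Added example (not code from the question, the answer or the comments), targeting .NET Framework 4, since AppDomain sandboxes do not exist on .NET Core/5+. It builds the sandboxed AppDomain the answer refers to, with a grant set containing only the Execution flag of SecurityPermission, and probes it from the host: a file write is refused by the grant set, but Thread.Start goes through, because no CAS permission covers creating a thread. It also calls a method annotated with the HostProtectionAttribute the answer and the second comment mention; that call also goes through, because the default CLR host does not enable host protection. Enforcement requires an unmanaged host that sets protected categories through ICLRHostProtectionManager, which is the hosting-API route the comment thread ends at. The type names UntrustedWorker, ThreadingApi and SandboxHost and the temp-file probe path are assumptions for this example.

```csharp
using System;
using System.IO;
using System.Security;
using System.Security.Permissions;
using System.Threading;

// Runs inside the sandbox; MarshalByRefObject so the host can call it across
// the AppDomain boundary through a proxy instead of copying it into the host.
public class UntrustedWorker : MarshalByRefObject
{
    public bool TrySpawnThread()
    {
        try
        {
            // No SecurityPermissionFlag governs thread creation, so the
            // Execution-only grant set does not stop this.
            var t = new Thread(() => Thread.Sleep(10));
            t.Start();
            t.Join();
            return true;
        }
        catch (SecurityException) { return false; }
    }

    public bool TryWriteFile(string path)
    {
        // File.WriteAllText demands FileIOPermission, which is absent from the grant set.
        try { File.WriteAllText(path, "sandbox"); return true; }
        catch (SecurityException) { return false; }
    }

    public bool TryHostProtectedApi()
    {
        // HostProtectionException is only raised when the host has opted in
        // to host protection; a plain console host has not.
        try { ThreadingApi.QueueWork(); return true; }
        catch (HostProtectionException) { return false; }
    }
}

// Hypothetical library API (assumption) annotated as performing external threading.
// The attribute is a link-time check that is inert unless an unmanaged host enables
// the ExternalThreading category via ICLRHostProtectionManager::SetProtectedCategories.
public static class ThreadingApi
{
    [HostProtection(SecurityAction.LinkDemand, ExternalThreading = true)]
    public static void QueueWork()
    {
        var done = new ManualResetEvent(false);
        ThreadPool.QueueUserWorkItem(_ => done.Set());
        done.WaitOne();
    }
}

public static class SandboxHost
{
    public static AppDomain CreateSandbox()
    {
        // Start from an empty permission set and add only the right to execute code.
        var grant = new PermissionSet(PermissionState.None);
        grant.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));

        var setup = new AppDomainSetup { ApplicationBase = AppDomain.CurrentDomain.BaseDirectory };

        // No fullTrustAssemblies argument: every assembly loaded into the domain,
        // including this one, runs with exactly `grant`.
        return AppDomain.CreateDomain("sandbox", null, setup, grant);
    }

    public static void Main()
    {
        AppDomain sandbox = CreateSandbox();

        // Instantiate the worker inside the sandbox; the host holds only a proxy.
        var worker = (UntrustedWorker)sandbox.CreateInstanceAndUnwrap(
            typeof(UntrustedWorker).Assembly.FullName, typeof(UntrustedWorker).FullName);

        // Compute the probe path in the host: Path.GetTempPath demands EnvironmentPermission,
        // which the sandbox does not have.
        string probe = Path.Combine(Path.GetTempPath(), "sandbox-probe.txt");

        Console.WriteLine("File write allowed:      " + worker.TryWriteFile(probe));
        Console.WriteLine("Thread.Start allowed:    " + worker.TrySpawnThread());
        Console.WriteLine("HostProtection enforced: " + !worker.TryHostProtectedApi());

        // All sandbox threads have been joined, so the unload completes cleanly here.
        AppDomain.Unload(sandbox);
    }
}
```

Run it as a console application under the .NET Framework. The file-write probe shows the grant set doing its job, while the other two probes show the gap the question is about: neither the CAS grant set nor a HostProtectionAttribute, on its own, stops sandboxed code from starting threads. To turn the attribute into an enforced ban, the process has to be started by a custom unmanaged host that sets the Synchronization and ExternalThreading categories as protected; a purely managed host cannot switch that on.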