
I have a project that loads third-party modules (in the form of DLLs) and allows them to execute arbitrary code. The application loading the modules requires elevated privileges, as will the modules.

The modules are all made in house for this project, so the risk is relatively low at the moment. However, in the future there might be outside modules needing to be loaded.

The modules don't have any need to modify, access, or do anything with any of the drives, so I would like to be able to disable any form of I/O in the modules. I haven't figured out any way to do this, or even where to start.

The dependency injection is from MEF, specifically using the Prism design patterns.

joe_coolish

1 Answer


You should have a look at these questions:

How can I use CAS in .NET 4 to lock down my MEF extensions?

Looking for a practical approach to sandboxing .NET plugins

As well as the linked http://msdn.microsoft.com/en-us/library/bb763046.aspx

The short story is that if your application is running in full trust, then code access security attributes won't prevent addins from doing anything that they like. You'd need to load the addins in a security-limited (sandboxed) AppDomain and access them via intra-appdomain remoting. To do that, see "Sandboxing" here: http://msdn.microsoft.com/en-us/magazine/ee677170.aspx

Chris Shain
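The sandboxed-AppDomain approach the answer describes, as an added example that is not part of the original answer or the asker's project: the host creates a domain whose grant set contains only the Execution permission (so no FileIOPermission, RegistryPermission or UnmanagedCode), instantiates a MarshalByRefObject runner inside it, and has the runner load and call the plugin, so any file access the plugin attempts fails with a SecurityException inside the sandbox. It assumes .NET Framework 4.x (CAS and multiple AppDomains are not supported on .NET Core/5+), a plugin assembly in `pluginDir` with a public parameterless type exposing `string Run()`, and the hypothetical names `PluginRunner`/`Sandbox`; with MEF, the container composition would be done inside the sandbox domain the same way.

```csharp
using System;
using System.IO;
using System.Reflection;
using System.Runtime.Remoting;
using System.Security;
using System.Security.Permissions;

// Defined in the host assembly but instantiated inside the sandbox domain, so the plugin
// never leaves the restricted domain; the host only holds a remoting proxy to this object.
public class PluginRunner : MarshalByRefObject
{
    public string Run(string pluginAssemblyName, string pluginTypeName)
    {
        // Load by name: probing resolves it from the sandbox's ApplicationBase (the plugin dir).
        Type t = Assembly.Load(pluginAssemblyName).GetType(pluginTypeName, throwOnError: true);
        object plugin = Activator.CreateInstance(t);
        try
        {
            // Reflection rather than a shared interface keeps this sample to one assembly.
            return (string)t.GetMethod("Run").Invoke(plugin, null);
        }
        catch (TargetInvocationException ex) when (ex.InnerException is SecurityException)
        {
            // A plugin that touches the file system (or registry, P/Invoke, ...) lands here:
            // the demand for FileIOPermission fails against the sandbox's grant set.
            return "blocked by sandbox: " + ex.InnerException.Message;
        }
    }
}

public static class Sandbox
{
    public static string RunIsolated(string pluginDir, string pluginAssemblyName, string pluginTypeName)
    {
        var setup = new AppDomainSetup { ApplicationBase = Path.GetFullPath(pluginDir) };

        // Start from an empty permission set and add only the right to execute code.
        var grant = new PermissionSet(PermissionState.None);
        grant.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));

        AppDomain sandbox = AppDomain.CreateDomain("PluginSandbox", null, setup, grant);
        try
        {
            // Create the runner in the sandbox from the host assembly's path and unwrap a proxy.
            ObjectHandle handle = Activator.CreateInstanceFrom(sandbox,
                typeof(PluginRunner).Assembly.Location, typeof(PluginRunner).FullName);
            var runner = (PluginRunner)handle.Unwrap();
            return runner.Run(pluginAssemblyName, pluginTypeName);
        }
        finally { AppDomain.Unload(sandbox); }
    }
}
```

A plugin that only computes returns its result normally, while one that calls, say, `File.ReadAllText` returns the "blocked by sandbox" string instead; the grant set is enforced by the runtime for every assembly loaded into that domain, so the plugin cannot opt out of it.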