Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
290 views
in Technique[技术] by (71.8m points)

.net - C# Load Sandboxed Assembly

Okay so, I have an application which I want to add support for other people to write modules that the application will load.

The modules would be a class extending my Module class, written in .Net. I need to know how to load these DLLs in a sandboxed environment, only allowing them to read/write in certain directories.

Is this possible?

See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Answer

0 votes
by (71.8m points)

Yes, this is possible. Using Code Access Security and the .NET Sandbox. I would advise you take a look at the CSScript library (open source). This is a library that provides C# scripting and on the fly compilation into dynamic assemblies. I have used this in a project to allow end-users to write C# scripts and execute them allowing interaction with classes in my system. The project required that they had no access to File IO or MessageBox (UI) as user scripts were to execute on a server. CSSCript used elements of the .NET framework to to limit what the assembly has access to and you will get an exception if any of these prohibited types are called.

So, take a look at that. I will edit my answer once I find out some more detail on how its possible, just to let you know it is possible!


Ok found it. Here is a discussion I had with the author of CSScript a few years ago:

Me:

I am developing an application and wish to expose the ability for users to script certain actions through the UI. CSScript looks very good for this. However I also wish to allow users to do this and execute their scripts on a web server. Now this is a security nightmare as users could write "Directory.Delete(@"C:", true)" and wipe the hard drive. So would it be possible to restrict the assemblies, namespaces or even classes that a user can access from their script, to sort of run the CSScript in a secure sandbox?

Oleg:

The immediate attractive solution is to use .NET Sandbox. It is designed exactly for this sort of scenarios.The CLR standard sandboxing is available for the host application running scripts with CS-Script. The idea is that you initialise CAS before loading the suspicious script and the rest is a CLR responsibility. And if you need to configure directories/files permissions you do it with CAS tools. This way scripting is a "transportation" for the routine provided by your user. And CS-Script is a convenient mechanism for implementing such transport but the actual security concerns are addressed by .NET Sendoxing, which has comprehensive set of functionality to cover practically all possible security scenarios. With CS-script downloadables you can find the Sendboxing sample (SamplesSandboxing) which demonstrates how to prevent script from file I/O operations (e.g. create file).

So, from this I believe you need to look at .NET Sandbox and load the assemblies into that. I realise this example is specific to C# Scripting but I believe it is applicable to your scenario as CSScript examples above will show you a way to achieve sandboxing and security.

Some specific examples of how to load assemblies into a sandbox can be found here:

While we're discussing module loading, have you heard of Microsoft Prism? This provides a good framework for module loading and dependency injection (via Unity or MEF) which could be very useful when developing a plugin architecture.

Best regards,


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...