System.Diagnostics will allow users to kill their own process in IIS7
Hosted customers in IIS7 can use ASP.NET and System.Diagnostics to list all the system's process IDs. They can also kill the ones that belong to their own application pools. This seems like a big security problem in IIS7 for a shared hosting environment. Any suggestions on how to prevent normal users from accessing System.Diagnostics? How to limit it to administrators only?
Unlike with Windows 2003 and IIS6, many shared Windows 2008/IIS7 hosting environments provide their customers with dedicated application pools and Full Trust.
Whilst customers may be able to launch and kill their own processes (including their own worker processes), provided that the identity of the account that the site runs under is locked down, no real harm can be done. Also, what would be the benefit to a customer of having code that constantly kills their own application pool (other than to force a restart of a worker process to allow Application_Start-type events to fire if you need to reload some settings there)?
I work for a shared hoster. We actually provide customers with the ability to start, stop and recycle their dedicated pools via our admin system; all they would be doing in code is pretty much the same thing.
The worst that can happen is that a customer launches a process that consumes large amounts of memory or an excessive amount of CPU (but then even their own ASP.NET code can run away out of control doing the same). We monitor our servers continuously for such anomalous behaviour and can track down the culprit within 2-3 minutes of being alerted. The end user will get a friendly warning and be told not to do this again; if they do, their site is instantly shut down.
The only time I'd be worried is if the hoster was running shared pools at full trust, but if they're doing that then they have a whole other security headache to overcome; process killing would be the least of their worries.
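A hoster-side audit of the two conditions the answer above relies on (each site in its own pool, and each pool running under a locked-down, non-shared identity), added here as an example and not part of the original answer. It assumes the IIS WebAdministration PowerShell module is available on the server (Windows 2008 R2 / IIS 7.5 or later).

```powershell
# Added example (not from the original answer): audit IIS application pools
# for the isolation assumptions discussed above. Assumes WebAdministration.
Import-Module WebAdministration

# Built-in identities that reach far beyond a single customer's site.
$privileged = @('LocalSystem', 'LocalService', 'NetworkService')

# 1. Pools shared by more than one site: code in one site could kill or
#    exhaust a worker process that also serves another customer.
$sharedPools = Get-Website |
    Group-Object -Property applicationPool |
    Where-Object { $_.Count -gt 1 }
foreach ($g in $sharedPools) {
    $sites = ($g.Group | ForEach-Object { $_.Name }) -join ', '
    Write-Warning ("Pool '{0}' is shared by {1} sites: {2}" -f $g.Name, $g.Count, $sites)
}

# 2. Pools running as a privileged built-in account rather than
#    ApplicationPoolIdentity or a dedicated low-privilege user.
foreach ($pool in Get-ChildItem IIS:\AppPools) {
    $type = $pool.processModel.identityType
    if ($privileged -contains $type) {
        $msg = "Pool '{0}' runs as built-in account {1}; use ApplicationPoolIdentity or a dedicated user"
        Write-Warning ($msg -f $pool.Name, $type)
    }
}

# 3. Custom identities reused across pools: a process killed or spawned
#    under that account affects every pool that shares it.
Get-ChildItem IIS:\AppPools |
    Where-Object { $_.processModel.identityType -eq 'SpecificUser' } |
    Group-Object { $_.processModel.userName } |
    Where-Object { $_.Count -gt 1 } |
    ForEach-Object {
        Write-Warning ("Account '{0}' is used by {1} pools" -f $_.Name, $_.Count)
    }
```

Run it from an elevated PowerShell session on the web server; a clean run produces no warnings.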