Permission set inversion: running a .NET 4.0 application with 'full trust - (minus) write access'
I have a WCF service to communicate with a Mathematica Kernel to evaluate arbitrary expressions and get results. (My sole intention is to utilize Mathematica as a sophisticated graph layout engine for static graphs using SVG and XAML, but my math kernel host has a decidedly simple interface that can evaluate arbitrary Mathematica expressions: that could, in case of a security breach, lead to arbitrary code injection.)
- Is there any way to run an application in a sandbox with a 'full trust permission set - (minus) file io write access'?
Using

```csharp
var e = new Evidence();
e.AddHostEvidence(new Zone(SecurityZone.Trusted));
var pset = SecurityManager.GetStandardSandbox(e);
```

leads to a situation where my app crashes due to a later security exception, so I want to make sure I remove just a single permission type. I do not get enough detail about the type of security exception and what caused it; my program is linked against a commercial library with no debug symbols.
How can I debug the execution inside the commercial library? Could reflector or a similar tool help me out?
How can I get a better stack trace about a security exception? (Full source of the current sandboxing application is below)
or

```csharp
var pset = new PermissionSet(PermissionState.Unrestricted); // set is empty o_O!
pset.RemovePermission(typeof(FileIOPermission)); // io permission still active
...
```

does not help.
full context:

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.IO;
using System.Security;
using System.Security.Policy;
using System.Security.Permissions;
using System.Reflection;
using System.Runtime.Remoting;

class Sandboxer : MarshalByRefObject
{
    // Location of the KernelHost assembly, relative to this project's build output
    const string uPath = @"..\..\..\KernelHost\bin\Debug";
    static string aPath = Path.GetFullPath(uPath);
    const string uAssembly = "KernelHost";

    static void Main(string[] args)
    {
        var e = new Evidence();
        e.AddHostEvidence(new Zone(SecurityZone.Trusted));

        // An unrestricted set reports IsUnrestricted() == true but enumerates no
        // individual permissions, which is why Count prints 0 below
        var pset = new PermissionSet(PermissionState.Unrestricted);
        //pset.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));
        //pset.AddPermission(new UIPermission(UIPermissionWindow.AllWindows, UIPermissionClipboard.AllClipboard));
        //pset.AddPermission(new FileIOPermission(FileIOPermissionAccess.AllAccess, aPath));
        //pset.SetPermission(new UIPermission(PermissionState.None));
        pset.RemovePermission(typeof(UIPermission));
        //pset.SetPermission(new FileIOPermission(PermissionState.None));

        // Strong name of this host assembly, to be granted full trust inside the
        // sandbox (null if the host assembly is not signed)
        var ass = typeof(Sandboxer).Assembly.Evidence.GetHostEvidence<StrongName>();
        var ads = new AppDomainSetup();
        ads.ApplicationBase = aPath;
        var sandbox = AppDomain.CreateDomain(
            "Sandbox",
            e,
            ads,
            pset,
            ass);

        // Dump the grant set so the effective permissions can be inspected
        Console.WriteLine(pset.Count);
        foreach (IPermission p in pset)
        {
            Console.WriteLine(p.ToXml());
        }
        sandbox.ExecuteAssemblyByName(uAssembly);
    }
}
```
- Is there an available open-source/commercial sandboxing solution for .NET 4.0 or maybe at a higher level for Windows Server 2008 R2 (also for native apps) that could help me out?
Full trust is more than "everything"; it is "disable checks" - so no, you can't have "full trust except {foo}", because there would still be nothing checked. You will have to have an inclusive, albeit large, set. And I'm sure there are some pretty nasty things I can do that aren't writing files...
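As an added example (not code from the question or the answer), the inclusive grant set the answer describes, built from `PermissionState.None` upward so that only execution, read-only file access and UI are granted, together with a catch block that prints the detail a `SecurityException` carries, which addresses the question's request for a better trace of the failing demand. It assumes the `KernelHost` assembly and the relative path from the question; the grant set contents are an assumption about what the hosted code needs and would have to be widened whenever a demand fails.

```csharp
using System;
using System.IO;
using System.Security;
using System.Security.Permissions;
using System.Security.Policy;

// Added example: build an explicit, inclusive grant set instead of subtracting
// from full trust, and surface the details a SecurityException carries.
class InclusiveSandbox
{
    // Assumed set of needed permissions; extend it when a demand fails.
    static PermissionSet BuildGrantSet(string appBase)
    {
        // Start from nothing and add only what the hosted code needs.
        var pset = new PermissionSet(PermissionState.None);
        pset.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));
        // Read-only access to the application directory; no Write or Append flag.
        pset.AddPermission(new FileIOPermission(
            FileIOPermissionAccess.Read | FileIOPermissionAccess.PathDiscovery, appBase));
        // Unrestricted UI so console and window code in the hosted assembly keeps working.
        pset.AddPermission(new UIPermission(PermissionState.Unrestricted));
        return pset;
    }

    static void Main()
    {
        // Path and assembly name taken from the question.
        string appBase = Path.GetFullPath(@"..\..\..\KernelHost\bin\Debug");
        var ads = new AppDomainSetup { ApplicationBase = appBase };
        var evidence = new Evidence();

        // In .NET 4 the grant set passed here is exactly what the domain gets;
        // no StrongName is passed, so nothing inside the sandbox is fully trusted.
        var sandbox = AppDomain.CreateDomain("Sandbox", evidence, ads, BuildGrantSet(appBase));

        try
        {
            sandbox.ExecuteAssemblyByName("KernelHost");
        }
        catch (SecurityException ex)
        {
            // The host domain is fully trusted, so these properties are populated
            // and identify the demanded permission and the method that demanded it.
            Console.WriteLine("Demanded:  " + ex.Demanded);
            Console.WriteLine("Type:      " + ex.PermissionType);
            Console.WriteLine("Method:    " + ex.Method);
            Console.WriteLine("Assembly:  " + ex.FailedAssemblyInfo);
            Console.WriteLine("Granted:   " + ex.GrantedSet);
            Console.WriteLine(ex.ToString());
        }
    }
}
```

The `Demanded`, `PermissionType` and `Method` properties name the exact permission and call site that failed, which is what is missing from a bare stack trace through a library without symbols; each failure can then be answered by adding that one permission to `BuildGrantSet` rather than guessing.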