1

Is it possible to control certain permissions of a thread (and most particularly, threads created from it) in C#?

I am developing a C# app, where a new thread is created and executes certain user-given code.

How can I control the operations that the user code CAN and CANNOT perform? Is this possible?

In particular, I would like to restrict access to certain APIs from the user code.

One specific example is that I want to disable the ability to spawn off new threads from the user code.

*The reason for this is that the user code may spawn off new threads that may not handle exceptions themselves, leading to the crash of the entire application.

lukiffer
lysergic-acid
  • 1
    That's a complicated topic and really depends on what in particular you want to restrict. The .NET Framework has a number of ways to control access to resources. Can you be more detailed? – JamieSee May 02 '12 at 20:59

3 Answers

2

There is no built-in way to block creation of threads in .NET, as creation of a thread does not require any additional permissions.

There are also multiple ways user code can spawn another thread.

If your goal is to execute hostile external assemblies, you need to protect against more than just thread creation (e.g. a StackOverflowException is very easy to throw and brings the process down without creating new threads).

Alexei Levenkov
  • The developers who will donate these "Plugin" assemblies are not hostile, however failure of them to handle exceptions properly may crash MY app, which is undesirable. The code that is executed is surrounded with a try..catch block, however newly created threads are not handled by it, and will cause the application to crash. – lysergic-acid May 02 '12 at 21:17
  • In this case non-code solutions (i.e. guidance on plugin writing + disabling plugins that are found to crash your app + helping developers to write code in a way that is friendly to your app) could be cheaper. Hardening an application to handle all interesting cases (blocking, crashes, high CPU, new threads/connections/files/...) is **hard**. – Alexei Levenkov May 02 '12 at 21:51
0

Why don't you try this code?

```csharp
// Requires: using System.Threading; using System.Windows.Forms;
Application.ThreadException += OnHandledException;

private static void OnHandledException(object sender, ThreadExceptionEventArgs e)
{
    // handle here
}
```

If your concern is about unhandled exceptions, that snippet can do the trick.

Ale Miralles
0

One way to insulate your application from the 'plugin' is to use a separate AppDomain to host it. This is not easy, however, mainly because the insulation requires marshaling of references. You can never have a direct reference to an instance in another AppDomain, as this breaks the insulation, so .NET supports a sophisticated proxying model. The downside to this is that all of your code must be written with this proxying in mind, with your proxied reference objects deriving from MarshalByRefObject and all non-proxied objects must support serialization to cross the remoting boundaries by copying. All of this naturally comes with a performance hit, as well. Once you've done this work, though, you can now allow an AppDomain to 'crash' without bringing down your entire application, though your main application will still have to handle the resulting exceptions (any marshaled reference call can throw a RemotingException if the reference has 'died'.)

The next step up in isolation is to create an external hosting process and use some form of inter-process communication to interact with the external code. This gives you excellent isolation (even protection against most unmanaged code unruliness: buggy unmanaged code in an AppDomain can still bring down the whole app) but it adds yet more complexity and performance overhead.

Dan Bryant
  • Actually the user code runs in a secondary app domain, and not the main one. This does not seem to stop the crash though. – lysergic-acid May 03 '12 at 04:31
  • 1
    @liortal, see [this answer](http://stackoverflow.com/questions/6520850/can-unhandled-exceptions-in-child-appdomains-be-prevented-from-crashing-the-main) for more information. Apparently I was incorrect; threading exceptions will still bring down the whole app. Out-of-process hosting is your best option, then. – Dan Bryant May 03 '12 at 13:51
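
The out-of-process hosting this thread ends up recommending, as an added example that is not code from any poster here: the host runs the plugin in a child process, so an unhandled exception on a plugin-created thread ends only the child. It assumes the program is built as an executable that can re-launch itself; the `--plugin` switch, `RunUntrustedPlugin` and the exit codes are hypothetical names and values chosen for illustration.

```csharp
using System;
using System.Diagnostics;
using System.Threading;

static class PluginHostDemo
{
    const int PluginCrashed = 70, PluginTimedOut = -1; // arbitrary values for this example
    // Stand-in for user code: starts a thread whose exception nobody catches.
    static void RunUntrustedPlugin()
    {
        var worker = new Thread(() => { throw new InvalidOperationException("plugin bug"); });
        worker.Start();
        worker.Join();
    }

    // Host side: run the plugin in a child process and return its exit code.
    static int RunPluginIsolated(int timeoutMs)
    {
        string self = Process.GetCurrentProcess().MainModule.FileName;
        var psi = new ProcessStartInfo(self, "--plugin") { UseShellExecute = false };
        using (var child = Process.Start(psi))
        {
            if (!child.WaitForExit(timeoutMs))
            {
                child.Kill();        // hung or runaway plugin
                child.WaitForExit();
                return PluginTimedOut;
            }
            return child.ExitCode;
        }
    }

    static void Main(string[] args)
    {
        if (args.Length == 1 && args[0] == "--plugin")
        {
            // Child side: last-chance handler reports the failure and exits with a known code.
            AppDomain.CurrentDomain.UnhandledException += (s, e) =>
            {
                Console.Error.WriteLine("plugin crashed: " + e.ExceptionObject);
                Environment.Exit(PluginCrashed);
            };
            RunUntrustedPlugin();
            return;
        }
        int code = RunPluginIsolated(5000);
        Console.WriteLine(code == 0 ? "plugin ok" : "plugin failed (" + code + "), host still running");
    }
}
```

The timeout branch also covers a plugin that blocks or spins instead of crashing, which the in-process approaches discussed above cannot recover from.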