Running DLR Embedded Scripts in Minimum Security Context

Question

I need to get pointed in the right direction. I have embedded an Iron Python scripting host into a simple C# application, but now I need to know the best practices for locking down security on a user generated IronPython or IronRuby script.

Specifically, what are the strategies for preventing library imports and isn't there a way in .NET to run a block of code or a thread in a different security context, for instance to prevent file system access? Also, can this context be assigned a built-in level or role rather than an actual user?

Thanks!

Sergey Mirvoda · Accepted Answer · 2010-02-28T17:20:36.560

5

You should run scripting host in different appdomain, and setup Security Policies via Evidence property using sandboxing API

edited Feb 28 '10 at 17:20

answered Feb 28 '10 at 14:52

Sergey Mirvoda

3,209
2
26
30

Sergey, Would that prevent an IronPython open('c:\\file.txt') call? – Josh Pearce Feb 28 '10 at 18:36
not sure about Python, but if it opens file using System.IO namespace definitely yes. – Sergey Mirvoda Feb 28 '10 at 21:16
I guess you're an IronRuby guy. Would a locked down AppDomain prevent ruby's native file methods from working? – Josh Pearce Mar 01 '10 at 00:40
1

Of course! remember that IronRuby's native file methods are eventually System.IO operations. – Shay Friedman Mar 01 '10 at 05:24

Running DLR Embedded Scripts in Minimum Security Context

1 Answers1