What I need to do is: read a local C# text file and execute a method from it. This is what I'm doing:

  1. Read all text from the file
  2. Compile into a local `x.dll` with `CSharpCodeProvider`
  3. Load the dll with `Assembly.LoadFrom()`
  4. Then execute the method with `GetType().GetMethod().Invoke()`

It works fine. Now, I want to run this code securely, i.e. restrict this code from accessing the file system, network etc. Basically, I need to run this with minimal privileges.

I tried the code from "Restrict plugin access to file system and network via appdomain" (answer by @Babar), but it is still not working as expected. The code in the text file is still able to access the file system.

What am I missing here? Is there any other way to make it work?

The code (for loading and executing the assembly):

```csharp
using System;
using System.IO;
using System.Reflection;
using System.Runtime.Remoting;
using System.Security;
using System.Security.Permissions;
using System.Security.Policy;

public class Sandboxer
{
    public static T GetResult<T>(string untrustedAssemblyDirectory, string assemblyFullPath, string className, string methodName, object[] methodParameters)
    {
        // The sandbox domain is rooted at the directory holding the untrusted assembly.
        AppDomainSetup adSetup = new AppDomainSetup();
        adSetup.ApplicationBase = Path.GetFullPath(untrustedAssemblyDirectory);

        // Grant set for the sandbox: permission to execute code and nothing else.
        PermissionSet permSet = new PermissionSet(PermissionState.None);
        permSet.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));

        // Strong name of this (host) assembly, passed as the sandbox's full-trust list.
        StrongName fullTrustAssembly = typeof(Sandboxer).Assembly.Evidence.GetHostEvidence<StrongName>();

        AppDomain newDomain = AppDomain.CreateDomain("Sandboxer", null, adSetup, permSet, fullTrustAssembly);

        // Create a Sandboxer instance in the new domain from this assembly's file.
        ObjectHandle handle = Activator.CreateInstanceFrom(
            newDomain, typeof(Sandboxer).Assembly.ManifestModule.FullyQualifiedName,
            typeof(Sandboxer).FullName
            );

        Sandboxer newDomainInstance = (Sandboxer)handle.Unwrap();
        return newDomainInstance.ExecuteUntrustedCode<T>(assemblyFullPath, className, methodName, methodParameters);
    }

    public T ExecuteUntrustedCode<T>(string assemblyName, string typeName, string entryPoint, Object[] parameters)
    {
        // Load the compiled assembly and look up the static entry method.
        var method = Assembly.LoadFrom(assemblyName).GetType(typeName).GetMethod(entryPoint);
        try
        {
            T retVal = (T)method.Invoke(null, parameters);
            return retVal;
        }
        catch (Exception ex)
        {
            var expMsg = string.Empty;
            // Assert full trust only while ex.ToString() builds the message, then revert.
            (new PermissionSet(PermissionState.Unrestricted)).Assert();
            expMsg = "Exception :\n" + ex.ToString();
            CodeAccessPermission.RevertAssert();
            throw new ApplicationException(expMsg);
        }
    }
}
```
Arghya C
  • @thehennyy the compilation is fine, and no changes are required. For load and execution, I used exactly the same code from the link. So, didn't duplicate. – Arghya C Jan 28 '16 at 12:16
  • @thehennyy I used the one by Babar, the other one is obsolete now. – Arghya C Jan 28 '16 at 12:26
  • The example code you linked works fine for me; your code does not compile because of a missing class. Nevertheless, I see that you create an `UntrustedCodeProcessor` object in the other appdomain but then cast it to `(Sandboxer)handle.Unwrap()`. Is that intended? – thehennyy Jan 28 '16 at 13:29
  • @thehennyy ah, sorry for that. Was a copy-paste error. Have fixed now. Yes, the code works. But, the issue is, the loaded assembly (*assemblyFullPath, like C:\libs\foo.dll*) can access the file system etc. – Arghya C Jan 28 '16 at 13:35
  • For me it works; the example contains a call to `File.ReadAllText`, which throws a `System.Security.SecurityException` as expected. I have added `new WebClient().DownloadString("http://www.google.com/");` and it also throws the exception. – thehennyy Jan 28 '16 at 13:38
  • @thehennyy can you add an answer and dump your complete code there? Will be super helpful to me. – Arghya C Jan 28 '16 at 13:42
  • I did not even change a single character, just c&p the sandbox from the linked question. Then I added a strong name as explained here: http://stackoverflow.com/a/10843860/4035472. Then I created another project for the test assembly, c&p again, built and hit run. – thehennyy Jan 28 '16 at 13:50

0 Answers
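One way to confirm that code really executes inside the restricted AppDomain, as an added example that is not part of the original thread: it builds the same Execution-only domain as the question and reports that domain's trust state together with the result of a file read attempted from inside it. It assumes .NET Framework 4.x and a strong-name signed host assembly; `SandboxProbe`, `Report` and `SandboxCheck` are hypothetical names.

```csharp
using System;
using System.IO;
using System.Runtime.Remoting;
using System.Security;
using System.Security.Permissions;
using System.Security.Policy;

// Added example; SandboxProbe, Report and SandboxCheck are hypothetical names.
// Deriving from MarshalByRefObject makes calls go through a proxy into the sandbox.
public class SandboxProbe : MarshalByRefObject
{
    // Runs in whichever AppDomain owns this instance and reports what it may do.
    public string Report(string probePath)
    {
        AppDomain d = AppDomain.CurrentDomain;
        string fileRead;
        try { File.ReadAllText(probePath); fileRead = "ALLOWED"; }
        catch (SecurityException) { fileRead = "denied"; }
        catch (Exception) { fileRead = "failed without SecurityException"; }
        return string.Format("domain={0} fullyTrusted={1} homogenous={2} fileRead={3}",
            d.FriendlyName, d.IsFullyTrusted, d.IsHomogenous, fileRead);
    }
}

public static class SandboxCheck
{
    public static string Run(string untrustedDir, string probePath)
    {
        var setup = new AppDomainSetup { ApplicationBase = Path.GetFullPath(untrustedDir) };
        var perms = new PermissionSet(PermissionState.None);
        perms.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));

        // The host needs a strong name to appear on the sandbox's full-trust list.
        StrongName host = typeof(SandboxProbe).Assembly.Evidence.GetHostEvidence<StrongName>();
        if (host == null)
            throw new InvalidOperationException("Host assembly is not strong-name signed.");

        AppDomain sandbox = AppDomain.CreateDomain("Sandboxer", null, setup, perms, host);
        try
        {
            var probe = (SandboxProbe)Activator.CreateInstanceFrom(sandbox,
                typeof(SandboxProbe).Assembly.ManifestModule.FullyQualifiedName,
                typeof(SandboxProbe).FullName).Unwrap();
            // A false value would mean the instance lives in the host domain, not the sandbox.
            return "proxy=" + RemotingServices.IsTransparentProxy(probe) + " " + probe.Report(probePath);
        }
        finally { AppDomain.Unload(sandbox); }
    }
}
```

If the report shows `fullyTrusted=True`, a domain name other than `Sandboxer`, or `fileRead=ALLOWED`, the call is not executing under the restricted grant set.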