
.NET Forum / .NET Framework / CLR / December 2004


Sandboxed appdomain opening winforms

Kirk Jackson - 30 Nov 2004 23:01 GMT
Hi,

I'm having trouble running untrusted code inside a sandboxed AppDomain, and
I was hoping that someone could help me!

The code is user-supplied, and so I want my Winform application to run the
code in a separate AppDomain without any more permissions than given in the
Internet permission set.

This seems to work okay, except for when the code contains Winform code -
such as MessageBox.Show. The following exception is thrown when
UntrustedMethod is called in my sandboxed appdomain:

 System.Security.Policy.PolicyException: Required permissions cannot be
acquired.

I've tried adding UIPermissionWindow.AllWindows, but that doesn't seem to
help.

Thanks in advance for your help,

Kirk

using System;
using System.Collections;
using System.Reflection;
using System.Security;
using System.Security.Permissions;
using System.Security.Policy;

namespace Sandbox
{

interface ISandbox {
 void UntrustedMethod();
}

[Serializable]
class Sandbox : MarshalByRefObject, ISandbox
{
 [STAThread]
 static void Main(string[] args) {
  AppDomainSetup setup = new AppDomainSetup();
  setup.ApplicationName = "Sandbox secure appdomain";
  setup.ApplicationBase = AppDomain.CurrentDomain.BaseDirectory;

  AppDomain sandboxAppDomain = AppDomain.CreateDomain(
   "Sandbox secure appdomain", null, setup);

  // Load the internet permission set, and add UIPermission.AllWindows
  NamedPermissionSet permSet = FindNamedPermissionSet("Internet");

  permSet.AddPermission(new UIPermission(UIPermissionWindow.AllWindows));

  PolicyStatement polState = new PolicyStatement(permSet);
  PolicyLevel domainPolicy = PolicyLevel.CreateAppDomainLevel();
  AllMembershipCondition allCodeMC = new AllMembershipCondition();
  CodeGroup allCodeCG = new UnionCodeGroup(allCodeMC,polState);
  domainPolicy.RootCodeGroup = allCodeCG;
  sandboxAppDomain.SetAppDomainPolicy(domainPolicy);

  // Try running MessageBox.Show in the appdomain
  try {
   Sandbox sandboxObject = (Sandbox)sandboxAppDomain.CreateInstanceAndUnwrap(
    Assembly.GetExecutingAssembly().FullName,
    "Sandbox.Sandbox");

   sandboxObject.UntrustedMethod();
  } catch (Exception ex) {
   Console.WriteLine(ex.ToString());
  }

  Console.ReadLine();
 }

 private static NamedPermissionSet FindNamedPermissionSet(string name) {
  IEnumerator policyEnumerator = SecurityManager.PolicyHierarchy();

  while (policyEnumerator.MoveNext()) {
   PolicyLevel currentLevel = (PolicyLevel)policyEnumerator.Current;

   if (currentLevel.Label == "Machine") {
    IList namedPermissions = currentLevel.NamedPermissionSets;
    IEnumerator namedPermission = namedPermissions.GetEnumerator();

    while (namedPermission.MoveNext()) {
     if (((NamedPermissionSet)namedPermission.Current).Name == name) {
      return ((NamedPermissionSet)namedPermission.Current);
     }
    }
   }
  }
  return null;
 }

 /// This is an untrusted method executed separately from the rest of the application
 public void UntrustedMethod() {
  System.Windows.Forms.MessageBox.Show(AppDomain.CurrentDomain.FriendlyName);
 }
}
}
Richard Blewett [DevelopMentor] - 01 Dec 2004 08:41 GMT
Unfortunately loading *UI* code into a separate AppDomain is not a supported scenario in Windows Forms.

Regards

Richard Blewett - DevelopMentor
http://www.dotnetconsult.co.uk/weblog
http://www.dotnetconsult.co.uk

Kirk Jackson - 02 Dec 2004 09:29 GMT
> Unfortunately loading *UI* code into a separate AppDomain is not a
> supported scenario in Windows Forms

Thanks Richard, I appreciate your help.

Do you (or anyone else) know the answers to these questions?

- Can Winform code be *reliably* run in an AppDomain at full trust? It seems
to work for me - can I rely on it?

- Is there any other way to reduce the permissions of code that contains UI
code, so that it can't access files / network etc?

- Will it be possible in future versions of the framework?

It'd be great if someone can point me to docs or a web page outlining this -
I'd like to have something to show to others about why my current approach
won't work.

Kirk
David Levine - 02 Dec 2004 11:04 GMT
>> Unfortunately loading *UI* code into a separate AppDomain is not a
>> supported scenario in Windows Forms
[quoted text clipped - 5 lines]
> - Can Winform code be *reliably* run in an AppDomain at full trust? It
> seems to work for me - can I rely on it?

What do you mean by "reliably"?  Full trust means that it has all possible
permissions.

> - Is there any other way to reduce the permissions of code that contains
> UI code, so that it can't access files / network etc?

Yes, there are ways of doing this. For example, you can package this code in a
separate assembly, and then when the assembly is loaded you can supply
evidence that will make it run at a reduced security level. I suggest
reading one of the books on Code Access Security - there are several.

> - Will it be possible in future versions of the framework?
>
> It'd be great if someone can point me to docs or a web page outlining
> this - I'd like to have something to show to others about why my current
> approach won't work.

Ask your questions on the security newsgroup @
microsoft.public.dotnet.security
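
The separate-assembly approach suggested in the post above, as an added example that is not part of the original thread: the host resolves policy for Internet-zone evidence, then loads the plugin with that evidence so only the plugin's code runs with the reduced grant. The names SandboxHost, Host and UntrustedPlugin.dll are hypothetical, and it assumes .NET Framework 1.1 to 3.5, where CAS policy is active (from .NET Framework 4 this LoadFrom overload is obsolete and CAS policy is off by default).

```csharp
// Added example, not code from the thread.
using System;
using System.IO;
using System.Reflection;
using System.Security;
using System.Security.Permissions;
using System.Security.Policy;

namespace SandboxHost
{
 // Assumption: the plugin references this assembly and implements ISandbox.
 public interface ISandbox { void UntrustedMethod(); }

 class Host
 {
  [STAThread]
  static void Main(string[] args) {
   // Hypothetical plugin path; pass the real one as the first argument.
   string path = Path.GetFullPath(args.Length > 0 ? args[0] : "UntrustedPlugin.dll");

   // Host-supplied evidence: treat the assembly as Internet-zone code.
   Evidence evidence = new Evidence();
   evidence.AddHost(new Zone(SecurityZone.Internet));

   // Resolve policy first, to see what this evidence would be granted.
   PermissionSet granted = SecurityManager.ResolvePolicy(evidence);
   Console.WriteLine("FileIOPermission granted: " + (granted.GetPermission(typeof(FileIOPermission)) != null));
   Console.WriteLine("UIPermission granted: " + (granted.GetPermission(typeof(UIPermission)) != null));
   if (granted.IsUnrestricted()) {
    Console.WriteLine("Policy grants full trust to this evidence; refusing to load.");
    return;
   }
   if (!File.Exists(path)) {
    Console.WriteLine("No plugin found at " + path);
    return;
   }
   // The grant is attached to the plugin assembly; demands fail at its stack frames.
   Assembly plugin = Assembly.LoadFrom(path, evidence);
   foreach (Type t in plugin.GetTypes()) {
    if (!t.IsClass || t.IsAbstract || !typeof(ISandbox).IsAssignableFrom(t)) continue;
    try {
     ((ISandbox)Activator.CreateInstance(t)).UntrustedMethod();
    } catch (SecurityException ex) {
     Console.WriteLine(t.FullName + " was denied: " + ex.Message);
    }
   }
  }
 }
}
```

The reduced grant applies to the plugin's own code only. The plugin shares the host's AppDomain, so it cannot be unloaded independently of the host.
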
David Levine - 02 Dec 2004 11:00 GMT
Not sure what you mean by this. I run code that displays UI in separate
appdomains all the time. Under what conditions is it not supported?

> Unfortunately loading *UI* code into a separate AppDomain is not a
> supported scenario in Windows Forms
[quoted text clipped - 29 lines]
>
> Kirk
Richard Blewett [DevelopMentor] - 02 Dec 2004 11:42 GMT
In that using AppDomains to isolate UI code can't be done reliably because the message pump is visible across AppDomains.

Regards

Richard Blewett - DevelopMentor
http://www.dotnetconsult.co.uk/weblog
http://www.dotnetconsult.co.uk

> Not sure what you mean by this. I run code that displays UI in separate
> appdomains all the time. Under what conditions is it not supported?
David Levine - 02 Dec 2004 23:00 GMT
Hmmm, it's still not clear to me why that makes the isolation less reliable.
Also, have you tried using an ApplicationContext to coordinate the winforms?

> In that using AppDomains to isolate UI code can't be done reliably because
> the message pump is visible across AppDomains.
[quoted text clipped - 7 lines]
>   Not sure what you mean by this. I run code that displays UI in separate
> appdomains all the time. Under what conditions is it not supported?
