如何沙盒化一个程序集或C#源文件

huangapple go评论74阅读模式
英文:

How to sandbox an assembly or C# source file

问题

我们想为我们的客户提供一些可编程功能,因此允许他们编写自己的代码,但他们不能访问系统功能,比如

File.Delete("test.txt");

我们通过不允许全局或本地的using语句来部分实现了这一点。

但用户仍然可以通过编写完全限定的名称来访问所有.NET功能,例如

System.IO.File.Delete("test.txt");

您知道如何限制某些源文件或完整的程序集不访问系统功能吗?

英文:

We want to provide some programmability features to our clients,
so we allow them to write their own code,
but they must not have access to system features, like

File.Delete( "test.txt" );

We partially accomplished this by not allowing global or local using statements.

But the users still would be able to access all .NET features by writing fully qualified names, like:

System.IO.File.Delete( "test.txt" );

Do you know of ways to restrict certain source files, or complete assemblies, from accessing system functions?

答案1

得分: 2

If you are using .net framework (not net core or net5+) you could run the user's code in a separate AppDomain with restricted permissions.

Just a few hints (there are a lot of other permissions you can set):

var setup = new AppDomainSetup();

var perm = new PermissionSet(PermissionState.None);

perm.AddPermission(
new SecurityPermission(SecurityPermissionFlag.Execution));

perm.AddPermission(
new FileIOPermission(FileIOPermissionAccess.Read, "PathToReadOnlyFolder"));

var userCodeDomain = AppDomain.CreateDomain("UserCodeDomain", null, setup, perm);

英文:

If you are using .net framework (not net core or net5+) you could run the user's code in a separate AppDomain with restricted permissions.

Just a few hints (there are a lot of other permissions you can set):

var setup = new AppDomainSetup();

var perm = new PermissionSet(PermissionState.None);

perm.AddPermission(
       new SecurityPermission(SecurityPermissionFlag.Execution));

perm.AddPermission(
       new FileIOPermission(FileIOPermissionAccess.Read, "PathToReadOnlyFolder"));

var userCodeDomain = AppDomain.CreateDomain("UserCodeDomain", null, setup, perm);

答案2

得分: 1

最安全的替代方法可能是创建一个具有运行特定程序权限的新用户,以及与主进程通信的某种方式。用户是大多数操作系统的主要安全原语,所以这可能是您需要使用的内容。

试图限制源代码似乎几乎是不可能的,因为它从未被设计为安全屏障。

话虽如此,我可能会使用一些较小的脚本语言,比如JavaScript或Lua,这些语言设计用于在沙箱中运行。或者在虚拟机或Docker容器中运行您的系统,为每个客户专门设置,以便他们只能访问自己的数据或破坏自己的系统。只需记住定期备份,以便在他们破坏系统时可以还原系统。

英文:

The most secure alternative would likely be to create a new user that only has permission to run the specific program, and some way to communicate with your main process. Users are the main security primitive most operating systems, so that is probably what you need to use.

Trying to restrict the source code sounds like it will be next to impossible, since it was never intended as a security barrier.

That said, I would probably either use some smaller scripting language that is designed to run in a sandbox, something like javascript or Lua. Or to run your system in a virtual machine, or docker container, specific for each customer, so that they could only possibly access their own data, or break their own system. Just remember to keep frequent backups so you can restore the system when they break it.

huangapple
  • 本文由 发表于 2023年3月9日 18:49:33
  • 转载请务必保留本文链接:https://go.coder-hub.com/75683569.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定